Industry
Industry | News, how-tos, features, reviews, and videos
New UN cybercrime convention has a long way to go in a tight timeframe
Nations around the world are hammering out a new cybercrime convention, but some UN members seek to criminalize activities that are not bona fide crimes.
The CSO guide to top security conferences
Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.
Veterans bring high-value, real-life experience as potential cybersecurity employees
Veterans come with a range of hard and soft skills acquired during their military service that often dovetail perfectly into a career in cybersecurity.
P-to-P fraud most concerning cyber threat in 2023: CSI
Peer-to-peer fraud and other digital fraud constituted more than 29% of bankers categorizing it as the most worrying cyber threat in 2023, according to CSI.
US Supreme Court leak investigation highlights weak and ineffective risk management strategy
The court’s inability to find out who leaked the draft decision and how they did it is a cautionary tale for CISOs about safeguarding sensitive information and intellectual property.
European data protection authorities issue record €1.65 billion in GDPR fines
DLA Piper’s GDPR and Data Breach survey shows a 50% increase in fines in the last 12 months. Data protection authorities turning their focus to artificial intelligence.
Cybercriminals bypass Windows security with driver-vulnerability exploit
CrowdStrike says cybercrime gang Scattered Spider has exploited longtime Windows security issues to use bring-your-own-vulnerable-driver (BYOVD) techniques against its own and other endpoint tools.
Data leak exposes information of 10,000 French social security beneficiaries
More than 10,000 recipients of the French social security agency CAF saw their data exposed for nearly a year and a half, after a file containing personal information was sent to a service provider responsible for training the...
Cyberattacks against governments jumped 95% in last half of 2022, CloudSek says
India, the US, Indonesia, and China accounted for 40% of the total reported cyberattacks in the government sector.
Meta hit with $413 million fine in EU for breaking GDPR rules
Regulatory wrangling results in a huge new fine over Facebook and Instagram data handling, even as Meta vows to appeal and EU data protection groups prepare for a court battle.
US Congress funds cybersecurity initiatives in FY2023 spending bill
This year’s appropriation bill covers a lot of cybersecurity territory, including threats from TikTok and foreign adversaries and steps to improve medical device security.
The top 12 tech stories of 2022
The year highlighted how vulnerable the technology sector is to the vagaries of geopolitics and the macroeconomy, as IT giants laid off workers, regulators cracked down on tech rule-breakers, nations negotiated data security...
Dozens of cybersecurity efforts included in this year’s US NDAA
Cybersecurity initiatives included in the US National Defense Authorization Act for 2023 include increased funding for Cybercom’s hunt-forward operations.
Microsoft’s EU data boundary plan to take effect Jan. 1
The plan, which covers Microsoft products and services such as Azure, Power BI, Dynamics 365 and Office 365, will allow customers to store and process their customer data within the EU.
GAO warns government agencies: focus on IoT and OT within critical infrastructure
Several key US departments are falling woefully short on cybersecurity measures for infrastructure connected to the internet of things and operational technologies, the GAO said in a scathing report.
Report highlights serious cybersecurity issues with US defense contractors
The CyberSheath report found that US defense contractors are “woefully unprepared” and often don’t meet even the most basic security requirements that would keep military secrets safe.
European Commission takes step toward approving EU-US data privacy pact
The EU-US Data Privacy Framework—drafted to allow the flow of data between the US and the European Union—has cleared the first hurdle on its way to approval in the EU, but criticism of the pact makes it far from a done deal.
PCI Secure Software Standard version 1.2 sets out new payment security requirements
Changes include the Web Software Module to help payment software vendors and developers identify and implement security controls to protect against attacks.