Security | News, how-tos, features, reviews, and videos

Many Cyberspace Solarium Commission recommendations expected to become federal law

Dozens of cybersecurity measures designed to protect US businesses and infrastructure are part of the National Defense Authorization Act. Budget, political concerns might eliminate some.

Top 8 weirdest, meanest and dumbest hacks of all time

Hackers have used some strange ways to break into networks or commit fraud. Not all are clever or smart.

A history of ransomware: The motives and methods behind these evolving attacks

Ransomware was a novelty until Bitcoin emerged. Today, ransomware is big business as gangs keep innovating.

Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.

Microsoft Office the most targeted platform to carry out attacks

The number of attacks carried out using the popular suite has increased in the past two years as browsers become harder targets. Office files are now more popular than PDFs to deliver malware.

RDP hijacking attacks explained, and how to mitigate them

Attackers take advantage of a Windows Remote Desktop Protocol feature to take over previously disconnected sessions and appear as a legitimate user to gain system access and control.

What is DevSecOps? Why it's hard to do well

DevSecOps is about introducing security earlier in the life cycle of application development, thus minimizing vulnerabilities and bringing security closer to IT and business objectives.

Optimizing VPNs for security: 5 key tasks

As the need to support remote workers becomes long-term, it's wise to check your VPN configuration to minimize vulnerabilities.

7 steps to securely shutting down business units

Closing down parts or all of a business involves more than just decommissioning IT assets. CISOs must lead a holistic effort to ensure data and access aren’t left exposed.

Twitter hack raises alarm among government officials, security experts

The recent account takeover attack underscores how Twitter and other social platforms have become a critical component of political systems worldwide.

11 top DEF CON and Black Hat talks of all time

Hacker summer camp is almost upon us again. Here are some of the best talks of all time. Will this year's virtual talks measure up to these legends?

5 tips for cutting budgets in a crisis without hurting security

Sudden budget cuts like those businesses are facing due to the COVID crisis can have long-term negative effects on security. Here's how to trim costs and keep a positive future.

Twitter VIP account hack highlights the danger of insider threats

The account compromise raises questions about Twitter's controls. Experts weigh in on best practices for mitigating risk from malicious or accidental insider threats.

PCI DSS explained: Requirements, fines, and steps to compliance

PCI DSS is a cybersecurity standard backed by all the major credit card and payment processing companies that aims to keep credit and debit card numbers safe.

EU court invalidates Privacy Shield data transfer agreement

US companies receiving EU personal data under Privacy Shield will need to find a replacement legal mechanism, and the decision could affect data protection policies and procedures.

3 XDR market challenges

XDR is a promising concept, but XDR vendors face deployment challenges and competition on several fronts.

Wormable DNS flaw endangers all Windows servers

The SIGRed vulnerability can spread malware across a network without user interaction. Microsoft has issued an urgent patch.

Time running out to protect US November elections

Experts say it's too late for significant legislative action to better protect voting this fall, but meaningful changes are still possible.

Protect your Windows network from excessive administrator rights

Every developer or user on your network with administrative privileges adds risk of account compromise. Review privileges and take these steps to better manage Windows network access rights.

Google Cloud steps up security and compliance for applications, government

New Google Cloud offerings Confidential VMs and Assured Workloads for Government provide in-process data encryption and the ability to restrict storage locations, respectively.
