Security
Security | News, how-tos, features, reviews, and videos
Security Recruiter Directory
To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.
Experts fear that Biden’s cybersecurity executive order will repeat mistakes of the past
President Biden is expected to issue an executive order soon in response to the SolarWinds and Exchange Server attacks. Leaked details suggest it might not focus on the most effective actions.
What is IAM? Identity and access management explained
IAM products provide IT managers with tools and technologies for controlling user access to critical information within an organization.
How to reset Kerberos account passwords in an Active Directory environment
A regular reset of the KRBTGT account password will help prevent golden ticket attacks that allow wide unauthorized access to your network.
Top cybercrime gangs use targeted fake job offers to deploy stealthy backdoor
The Golden Chickens cybercriminal gang is believed to sell its more_eggs backdoor for spear phishing campaigns executed using information gleaned from victims' LinkedIn profiles.
Coca-Cola trade secret theft underscores importance of insider threat early detection
A research engineer used basic exfiltration techniques to steal trade secrets from Coca-Cola, but wasn't caught until she attempted to steal similar data from another company.
What's next for encryption if the RSA algorithm is broken?
A recent, yet to be proven paper claiming to have found a way to "destroy the RSA cryptosystem" has cryptographers asking what might replace it.
The SolarWinds hack timeline: Who knew what, and when?
Impact, detection, response, and ongoing fallout from the attack on SolarWinds' Orion remote IT management software.
New US CISO appointments, March 2021
Keep up with news of CSO, CISO and other senior security executive appointments.
How the CISO role is evolving
The chief information security officer (CISO) is the executive responsible for an organization's information and data security. Learn what it takes to land a CISO job and how to be successful in the role.
What are phishing kits? Web components of phishing attacks explained
A phishing kit is the back-end to a phishing attack. It's the final step in most cases, where the criminal has replicated a known brand or organization.
Microsoft 365 Defender updates bring a single portal view
New Microsoft 365 Security Center allows you to more quickly assess threat risk and take action, but you need an E5 license.
PHP backdoor attempt shows need for better code authenticity verification
Attackers were able to place malicious code in the PHP central code repository by impersonating key developers, forcing changes to the PHP Group's infrastructure.
10 pioneering women in information security
As Women's History Month comes to a close, we introduce you (hopefully not for the first time) to some women who broke new ground in infosec, national security, and computer science.
Booming dark web gig economy is a rising threat
Experts have seen a sharp increase in help-wanted ads for black hat hackers-for-hire. Here's what they are targeting and how to respond to the threat.
Sponsor Podcast in partnership with Microsoft
Episode 4: Reduce SOC burnout
Episode 4 - Listen to the podcast to learn more about the expanding threat landscape and how security leaders can reduce SOC burnout and enable security teams to be proactive and preventive threat hunters with a modern threat...
States enact safe harbor laws against cyberattacks, but demand adoption of cybersecurity frameworks
Connecticut might soon follow Ohio and Utah by enacting a law that offers liability protection against ransomware and other cyberattacks, but only if victims follow security best practices.
Can WebAuthn and U2F finally give us safe and easy Two-Factor authentication?
Using your smartphone for two-factor authentication is easy, but it's not as secure as you might think. The real future for secure 2FA lies in the WebAuthn and Universal 2nd Factor standards.
DNS over HTTPS, DNS over TLS explained: Encrypting DNS traffic
DoT and DoH provide data confidentiality with end-to-end encryption for DNS traffic, but each has trade-offs.
Attracted to disaster: Secrets of crisis CISOs
In the aftermath of a security incident, new CISOs are often appointed to take over and lead through the chaos. Here are the skills and traits experts say these crisis CISOs need—and how to prepare yourself to rise to the occasion.