Security

Security | News, how-tos, features, reviews, and videos

Encryption > Encrypted data / hexadecimal code
Feature

Spike in encrypted malware poses dual challenge for CISOs

Faced with a surge in malware hidden in encrypted traffic, CISOs are being tasked with managing technical solutions while also adhering to privacy considerations.

resume template job application recruit stack of paper by peopleimages getty
Feature

8 tips for a standout security analyst resume

Learn how to present and prioritize your education, skills, and experience to land your next security analyst job.

cso security global breach networking hack invasion infiltrate 5g connected gettyimages 1211443622
News Analysis

Which countries are most (and least) at risk for cybercrime?

Cybersecurity firm SEON has come up with a snapshot of how the threat of cybercrime differs around the world, ranking countries that are most and least vulnerable.

CSO > secure mergers + acquisitions / floating puzzles pieces / abstract security mechanisms
Feature

Top cybersecurity M&A deals for 2021

The cybersecurity market is hot, and vendors are buying competitors to solidify their position or acquiring other firms to expand their offerings.

ransomware
Feature

REvil ransomware explained: A widespread extortion operation

The REvil group, a.k.a. Sodinokibi, re-victimizes its targets by threatening to release stolen data even after the initial ransom demand is paid.

hacker access to IoT / internet of things
News Analysis

Flaws in the Nucleus embedded TCP/IP stack puts critical systems at risk

The NUCLEUS:13 vulnerabilities can allow remote code execution or denial of service attacks. Billions of devices could be affected.

staffing the hybrid cloud public private cloud clouds
Feature

The 3 biggest challenges of SASE in hybrid cloud environments

Tool sprawl, inadequate cooperation between network and security teams, or lack of trust can derail SASE adoption in hybrid cloud environments.

An engineer reviews strategy framework data.
Feature

5 IT risk assessment frameworks compared

Formal risk assessment methodologies can help take guesswork out of evaluating IT risks if applied appropriately. Here is real-world feedback on using COBIT, OCTAVE, FAIR, NIST RMF, and TARA.

Conceptual image of a password amid hexadecimal code.
Feature

4 tools to prevent leaks in public code repositories

Use these tools to find your company's exposed secrets in repositories such as GitLab, GitHub, or Google Cloud Build before attackers do.

Cryptojacking > Binary skull, code and bitcoin symbols invade systems as malware
Feature

How to spot and block cryptominers on your network

Cryptominer malware is stealthy and drags down network and device performance. Some simple tasks and basic tools can minimize its impact.

Unitd States cybersecurity > U.S. flag with a digital network of locks instead of stars
News Analysis

Pentagon announces version 2.0 of its controversial CMMC program

CMMC 2.0 simplifies the process for SMBs, but critics say the verification process relies too much on self-attestation.

risk assessment - safety analysis - security audit
Feature

Why are people so bad at risk assessment? Blame the brain

Stakeholders and CISOs tend to have different perspectives on estimating the risk of a potential cybersecurity incident. Understanding the psychological aspects can help bridge the gap.

ransomware breach hackers dark web
News Analysis

US DOJ recovers $6 million and indicts two REvil principals

The DOJ promises a whole of government approach to fighting ransomware groups no matter which country they operate from.

mike hanley github cso
Feature

GitHub’s Mike Hanley: Today’s CISOs have to be out talking to customers

As the CISO role expands beyond conventional expectations, what it takes to be successful in the role is also changing, with customer focus and having a deep understanding of business context at the center, says GitHub CSO Mike Hanley....

nycrr cybersecurity gavel regulation compliance law nyc statue of liberty
News Analysis

Infrastructure bill includes $1.9 billion for cybersecurity

Passage of the infrastructure bill includes $1.9 billion for cybersecurity, and more could be on the way with the Build Back Better and other bills working their way through Congress.

A magnifying lens exposes an exploit amid binary code.
News Analysis

Update and isolate your Nagios servers now

Recently discovered vulnerabilities in Nagios servers could give attackers broad access to systems and data if exploited.

conference / convention / audience / applause / clapping
Feature

The CSO guide to top security conferences, 2021

Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.

cyber technology security protection monitoring concept advanced picture id1276687348
News

Graylog unites SIEM, AI-based anomaly detection in new security suite

Graylog is consolidating SIEM and UEBA (anomaly detection and user entity behavior analytics) in its new security package for streamlined detection and elimination of enterprise security threats .

A broken link in a digital chaing / weakness / vulnerability
News Analysis

CISA releases directive to remediate dangerous vulnerabilities across civilian agencies

While the move is applauded, a short timeframe to address vulnerabilities will be a challenge for security resource-strapped agencies.

timbrown solarwinds ciso 3x2
Interview

SolarWinds CISO: Know your adversary, what they want, watch everything

The compromise of SolarWinds' Orion software changed the company's approach to security. Tim Brown shares some hard-won advice for how CISOs and software vendors should prepare for supply chain attacks.

Load More