Advertisement

How to implement and use the MITRE ATT&CK framework

The MITRE ATT&CK framework is a popular template for building detection and response programs. Here's what you'll find in its knowledgebase and how you can apply it to your environment.


CSO > Formula One- / Formula 1- / F1-style modeled wireframe race cars with abstract circuit overlay

Haas F1 team leans on service providers as security force multipliers

Formula One racing is expensive and comes with significant security concerns. An outsource-first policy lets a small security team effectively deal with threats at multiple locations.


passwords exposed authentication hacked vulnerable security breach

IT services giant HCL left employee passwords, other sensitive data exposed online

HCL left employee passwords, customer project details, and other sensitive information exposed online with no authentication.


Advertisement

drafting military for cyber security cybersecurity govenment

Will the U.S. government draft cybersecurity professionals?

A Congressional commission might soon recommend conscription of cybersecurity professionals to serve in both the military and civil service. Will the government force security pros to work for Uncle Sam?


network security / network traffic scanning connected devices

Review: How Awake Security uncovers malicious intent

This advanced network traffic monitoring platform identifies hidden threats and those that don’t use traditional malware, making it extremely powerful and useful in today’s threat environment.


CSO  >  danger / security threat / malware / binary skull overlaying binary code

What is malware? How to prevent, detect and recover from it

Malware is a blanket term for viruses, worms, trojans, and other harmful computer programs hackers use to wreak destruction and gain access to sensitive information. Learn what malware does and how you can remove it—or prevent it.


ethics typewriter keys values morals
IDG Contributor Network

Digital ethics rising in importance

We must keep in mind that just because we have the ability to deploy a new technological innovation does not mean that we should. The need to prioritize digital ethics is becoming increasingly important for all organizations that are...


overwhelmed man stressed analytics information overload
Cybersecurity Snippets

The most stressful aspects of being a cybersecurity professional

Keeping up with IT, educating users, and working with the business top the list of the most stressful things of being a cybersecurity professional.


CSO > Microsoft Azure backups / cloud computing / binary code / data transfer

5 tips for better backups with Azure Backup Agent

Both on-premises and cloud networks need backup solutions that allow you to recover from ransomware attacks quickly. One option is to use the Azure Backup Agent.


CSO  >  secure mergers + acquisitions / handshake offer / extended hand / security shield / circuits

Why security needs to be involved early during mergers and acquisitions

M&A security can often be overlooked during deal making, leading to potential incidents down the line. Here's how UK newspaper Racing Post dealt with three acquisitions in three years, each with its own security requirements.


Advertisement

audience listens to speaker lecture at a conference presentation

The CSO guide to top security conferences, 2019

CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.


Broken window with band-aid patch

Microsoft urges Windows customers to patch wormable RDP flaw

A newly found vulnerability allows remote exploits using the Remote Desktop Protocol to gain full access to systems with no authentication.


CSO > collaboration / teamwork / empathy

How Microsoft builds empathy between its security and development teams

Ongoing cross-training, threat information sharing, executive support and a strong threat modeling infrastructure helps the company's security and development staff work collaboratively.


CSO > Invalidated cyber insurance

Does your cyber insurance cover social engineering? Read the fine print

Some cyber insurance policies will pay only a small fraction of damages if an attacker used social engineering. Here's how to estimate the risk.


Intel CPU  >  security

The second Meltdown: New Intel CPU attacks leak secrets

Intel has done some mitigations for these vulnerabilities that can leak secrets from virtual machines, secure enclaves and kernel memory. Here's how the attacks work.