The biggest data breach fines, penalties and settlements so far

Hacks and data thefts, enabled by weak security, cover-ups or avoidable mistakes, have cost these companies a total of nearly $1.3 billion and counting.


TrickBot gets new UEFI attack capability that makes recovery incredibly hard

Researchers discover a new TrickBot module that allows malware to persist even after reformatting or replacing a hard drive.


How attackers exploit Windows Active Directory and Group Policy

Attackers have learned to use Active Directory and Group Policy to find weaknesses in Windows networks and identify targets. Here's what you can do to prevent that.


Cybersecurity under fire: CISA’s former deputy director decries post-election vilification

Matt Travis talks about CISA's role in the recent US elections and how President Trump and his surrogates have politicized the security function.


4 tips for partnering with marketing on social media security

Threat actors watch social media accounts to gather intelligence about a targeted company. Here's how to get marketing to work with security to minimize the risk.


Half of all Docker Hub images have at least one critical vulnerability

New research reveals the scale at which criminals have exploited public open-source Docker repositories to plant malware among container images.


2020 security priorities: Pandemic changing short- and long-term approaches to risk

The way organizations assess and respond to security risks will likely never be the same due to COVID, say respondents of a new IDG survey.


The CSO guide to top security conferences, 2020

Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.


The Sarbanes-Oxley Act explained: Definition, purpose, and provisions

The Sarbanes-Oxley Act (sometimes referred to as SOA, Sarbox, or SOX) is a U.S. law passed in 2002 that aimed to protect investors by preventing fraudulent accounting and financial practices at publicly traded companies.


Why Excel 4.0 macro exploits are surging

Researchers discover progressively complex and effective XL4 attacks that take advantage of the many organizations that still rely on the old functionality.


Beyond the firewall: Intrusion Detection Systems

Firewalls are so 2000s. With your "office" now scattered over homes everywhere, you need a new way of protecting your office from network threats and that's IDSs.


How secure are your AI and machine learning projects?

Artificial intelligence and machine learning bring new vulnerabilities along with their benefits. Here's how experts minimized their risk.


How to use Windows Defender Attack Surface Reduction rules

With Microsoft's Attack Surface Reduction, you can set rules to block risky actions for each workstation on your network.


What is swatting? Unleashing armed police against your enemies

Swatting is a form of harassment that uses prank calls to send police SWAT teams into victims' homes. Here's what you need to know about this dangerous practice.


New US IoT law aims to improve edge device security

The Internet of Things Cybersecurity Improvement Act will require device manufacturers to meet new security standards for government contracts. Carryover effect expected for the private sector.