Advertisement

maze labrynth endpoint protection easy access bypass by gremlin getty

Critical flaw in ManageEngine Desktop Central MSP tool exploited in the wild

Each of two flaws allow attackers to bypass authentication, leaving customers of MSPs that use ManageEngine at risk. Patches are available.


Encryption  >  A conceptual technological lock and encrypted code.

Collect today, decrypt tomorrow: How Russia and China are preparing for quantum computing

All encrypted data will eventually become vulnerable to quantum computing along with the secrets they hold.


security command center monitors control center getty goro denkoff

U.S. Cyber Command’s actions against ransomware draw support and criticism

The actions, which temporarily took down REvil, raise questions about using the military to combat ransomware.


Advertisement

CSO slideshow - Insider Security Breaches - Two-faced businessman removes his mask in a binary world

Ubiquiti breach an inside job, says FBI and DoJ

Investigators claim Ubiquiti employee Nikolas Sharp stole company data and then played the role of whistleblower to draw attention away from is actions.


API security alert / software development / application flow chart diagram

A security practitioner's take on CISA’s Incident and Vulnerability Response Playbooks

The new CISA playbooks provide sound guidance on incident and vulnerability response, but mainly from a process perspective.


CSO  >  malware / security threat

Malware variability explained: Changing behavior for stealth and persistence

More malware is designed to be variable, choosing which computers to infect or even the type of attack to execute.


Ransomware  >  A masked criminal ransoms data for payment.

The worst and most notable ransomware: A quick guide for security pros

The ransomware gangs and their malware listed here have victimized millions of companies and caused billions of dollars in costs.


conference / convention / audience / applause / clapping

The CSO guide to top security conferences, 2021

Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.


CW > Microsoft Store  / abstract download

Sideloading attacks explained: How a malicious app can bring down a business

A new sideloading malware campaign targeting Windows uses phishing and social engineering tactics that can be difficult for users to spot.


A binary map of china.

China's Personal Information Protection Law (PIPL) presents challenges for CISOs

PIPL's data localization mandate places unique requirements on businesses operating in China, and regulators have great leeway to assess fines.


Advertisement

insurance

Cyber insurance explained: What it covers and why prices continue to rise

Cyber insurance, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), mitigates risk exposure by offsetting costs involved with damages and recovery after a cybersecurity incident.


Microsoft Windows  >  Defending against attacks

Microsoft announces new security, privacy features at Ignite

Microsoft has consolidated some security tools under the Defender brand and added security and privacy features and products. Here's a look at what's new.


insurance

Cyber insurance explained and why you need it

Cyber insurance can't protect your organization from cybercrime, but it can keep your business on stable financial footing should a significant security event occur.


facial recognition - biometric security identification

UK ICO to fine Clearview AI £17 million for data protection law breaches

The facial recognition company is cited for not having proper data protection processes in place or a lawful reason to collect personal information, among other violations.


15 troubleshoot printer

New HP MFP vulnerabilities show why you should update and isolate printers

Researchers have discovered two dangerous vulnerabilities in HP multifunction printers that use its FutureSmart firmware, including one that is exploitable remotely.