Features

Top 8 weirdest, meanest and dumbest hacks of all time

Hackers have used some strange ways to break into networks or commit fraud. Not all are clever or smart.

The state of security hiring: Jobs, skills & salaries

Even in today's tough job market, demand for security pros remains high. We look at the hottest industries and markets for cyber security jobs — and what it will take to land one of these top jobs.

A history of ransomware: The motives and methods behind these evolving attacks

Ransomware was a novelty until Bitcoin emerged. Today, ransomware is big business as gangs keep innovating.

Microsoft Office the most targeted platform to carry out attacks

The number of attacks carried out using the popular suite has increased in the past two years as browsers become harder targets. Office files are now more popular than PDFs to deliver malware.

Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.

RDP hijacking attacks explained, and how to mitigate them

Attackers take advantage of a Windows Remote Desktop Protocol feature to take over previously disconnected sessions and appear as a legitimate user to gain system access and control.

What is DevSecOps? Why it's hard to do well

DevSecOps is about introducing security earlier in the life cycle of application development, thus minimizing vulnerabilities and bringing security closer to IT and business objectives.

7 steps to securely shutting down business units

Closing down parts or all of a business involves more than just decommissioning IT assets. CISOs must lead a holistic effort to ensure data and access aren’t left exposed.

11 top DEF CON and Black Hat talks of all time

Hacker summer camp is almost upon us again. Here are some of the best talks of all time. Will this year's virtual talks measure up to these legends?

5 tips for cutting budgets in a crisis without hurting security

Sudden budget cuts like those businesses are facing due to the COVID crisis can have long-term negative effects on security. Here's how to trim costs and keep a positive future.

PCI DSS explained: Requirements, fines, and steps to compliance

PCI DSS is a cybersecurity standard backed by all the major credit card and payment processing companies that aims to keep credit and debit card numbers safe.

5 best practices to secure single sign-on systems

Don't assume that SSO is inherently secure. Follow these recommendations to prevent unauthorized access due to authentication flaws.

How to protect algorithms as intellectual property

Algorithms can now be considered trade secrets or even patent-worthy. Prevent them from being stolen by taking these security steps.

What is cryptojacking? How to prevent, detect, and recover from it

Criminals are using ransomware-like tactics and poisoned websites to get your employees’ computers to mine cryptocurrencies. Here’s what you can do to stop it.

Privilege escalation explained: Why these flaws are so valuable to hackers

Attackers use privilege escalation flaws to gain access to systems and applications. Patching and monitoring are the most important ways to stop them.

California Consumer Privacy Act (CCPA): What you need to know to be compliant

California's new privacy law, AB 375, might not burden security as much as the GDPR, but details are subject to change.

15 hot tech skills getting hotter -- no certification required

Employers are apt to invest more often in cash premiums for noncertified tech skills compared to certifications. Here are a few they’re coveting the most now and going forward.

7 points your security team needs to know about IPv6 (but probably doesn't)

The IPv6 protocol affects the security of your network even if you haven't deployed it internally. Here are the most important points every security team needs to understand about the protocol.

Protecting high-value research data from nation-state attackers

Recent nation-state campaigns to steal COVID-related research data underscore the threat to all research organizations. The best defense starts with knowing the enemy.

What is DLP? How data loss prevention software works and why you need it

Data loss prevention (DLP) is a set of practices (and products) that ensure that an organization's sensitive or critical data is kept safe.
