Zero-click attacks explained, and why they are so dangerous

Zero-click attacks, especially when combined with zero-day vulnerabilities, are difficult to detect and becoming more common.

executives on the move stairs career promotion upward steps

Security leaders chart new post-CISO career paths

The evolution and growing prominence of the CISO role gives holders more options on where to go next in their careers.

hackathon students code programmer devops certification by rawpixel unsplash

23 DevSecOps tools for baking security into the development process

Catch and remediate application vulnerabilities earlier and help integrate security in the the development process with these five categories of DevSecOps tools.

A man and woman sit on opposite sides of an office desk, in discussion.

Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.

A pattern of Twitter-like bird icons and binary code is broken / breached / hacked.

Musk’s Twitterverse and the future of misinformation

Security influencers weigh in with both concerns and curiosity over the future of the social network.

One avatar is uniquely identified among others at the center of a bullseye in a digital environment.

9 top identity and access management tools

Identity is becoming the new perimeter, and these IAM tools have evolved to help secure assets as organizations rely less on traditional perimeter defenses and move to zero-trust environments.


9 most important steps for SMBs to defend against ransomware attacks

Here's how small- to medium-sized businesses can effectively protect their networks against the risk of ransomware without breaking their security budgets.

handshake / meeting / teamwork / collaboration / partnership / trust

Secrets to building a healthy CISO-vendor partnership

Productive CISO-vendor partnerships are to key to overall security success. Here's how to establish and maintain effective relationships with security vendors.

Multifactor authentication  >  A mobile phone displays a digital key to a lock on a user's laptop.

10 most common MFA excuses, and how to answer them

CISOs often meet resistance to multi-factor authentication from users, management, and even IT. Here's how to counter their complaints.

rocket launch startup cloud success growth badge

Security startups to watch for 2022

Security startups are often innovation leaders. These are some of the most interesting ones to watch as they tackle issues around cloud security, asset management and more.

CSO  >  What is a computer virus?

Computer viruses explained: Definition, types, and examples

A computer virus is a form of malicious software that piggybacks onto legitimate application code in order to spread and reproduce itself.

Phishing attack   >   A fish hook hover above binary code with a caution triangle.

10 top anti-phishing tools and services

Some of these solutions will help find and stop phishing emails before they can cause damage, while others will find phishers fraudulently using your business's brand.

network security lock and cables

Protecting on-premises Microsoft servers

Many organizations still have on-premises Microsoft Exchange, SharePoint, or Office servers with inadequate protections.

sdn software defined network architecture

New SDP 2.0 specification facilitates zero-trust maturity

The Cloud Security Alliance's Software-Defined Perimeter 2.0 specification creates a path to a zero-trust approach through strong access controls.

Botnet Trouble / Botnet army

How a new generation of IoT botnets is amplifying DDoS attacks

IoT botnets are not new. Nor are DDoS attacks. But the two are on a trajectory that is raising the stakes in DDoS protection and bot takeover prevention.

hacking critical infrastructure security

After foiled Sandworm attack, US critical infrastructure should stand guard

Russian attack on Ukrainian power company likely just the beginning.

VPN / network security

How to choose the best VPN for security and privacy

Virtual private networks still have a place in the enterprise for protecting data and networks. Here's what you need to know when selecting a VPN.

mwc intel brian krzanich 5g drone stock image

Drones as an attack vector: Vendors need to step up

Growing commercial use and few built-in defenses make drones an attractive target for malicious actors.

risk assessment gauge

Spring4Shell: Assessing the risk

Spring4Shell does not affect most systems, so a calm, methodical approach to assessing the real threat is best.

A network of connected virtual container blocks.

Managing container vulnerability risks: Tools and best practices

The sooner you can identify vulnerabilities in containers, the better, and this advice on practices and tools can help.

Load More