Features

What is cross-site scripting (XSS)? Low-hanging fruit for both attackers and defenders

With XSS, attackers enter malicious code into a web form or web app URL to trick the application into doing something it's not supposed to do.

Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.

Top cyber security certifications: Who they're for, what they cost, and which you need

Expand your skills, know-how and career horizons with these highly respected cyber security certifications.

Adobe’s CSO talks security, the 2013 breach, and how he sets priorities

Brad Arkin has led Adobe's new approach to security and aims to make sure one of history’s biggest data breaches doesn’t happen again.

6 steps for a solid patch management process

Patch management is simply the practice of updating software – most often to address vulnerabilities. Although this sounds straightforward, patch management is not an easy process for most IT organizations. Here are the steps you need...

Verizon report: Ransomware top malware threat of 2017, moving into critical systems

DDoS attacks are also on the rise, but spying reports are down. Fewer people are clicking on phishing links.

5 myths of API security

In light of Panera Bread’s API-related data breach, here's what is — and isn’t — true about protecting application programming interfaces.

Microsoft Windows 10 vs. Apple macOS: 18 security features compared

Here's how the world's two most popular desktop OSes keep systems and data safe from malware, unauthorized access, hardware exploits and more.

How to detect and prevent crypto mining malware

Hackers are placing crypto mining software on devices, networks, and websites at an alarming rate. These tools can help spot it before it does great harm.

What is Mitre's ATT&CK framework? What red teams need to know

The ATT&CK framework allows security researchers and red teams to better understand hacker threats.

Open source software security challenges persist

Using open source components saves developers time and companies money. In other words, it's here to stay. Here's a look at what it will take to improve open source security.

What is FedRAMP? How cloud providers get authorized to work with the U.S. government

The process for getting the FedRAMP seal of approval is complex, but it can ultimately be lucrative for companies that meet the security requirements.

Want to hack a voting machine? Hack the voting machine vendor first

How password reuse and third-party breaches leave voting machine vendors vulnerable to attack.

11 ransomware trends for 2018

Ransomware creators are getting more sophisticated in how they infect systems, avoid detection, and foil decryption efforts.

1.4B stolen passwords are free for the taking: What we know now

The 2012 LinkedIn breach, along with other old third-party breaches, is still paying dividends for criminals, who now have free access to 1.4 billion previously exposed email addresses and passwords.

Testing the waters: The value of ethical hacking for business

Why bug bounty programs are on the rise

Are you letting GDPR’s privacy rules trump security?

An extreme approach to protecting privacy can actually make personal data less safe. Don’t overreact.

Insider threat examples: 7 insiders who breached security

You can build a wall, set up perimeter defenses, and spend massive resources maintaining it all. But if your enemy is within, that wall will do you no good.

8 questions to ask about your industrial control systems security

Do you have a real cybersecurity-focused ICS strategy in place, or are you force-fitting IT security policies on your industrial control systems?

8 hot cyber security trends (and 4 going cold)

What trends do security pros have their eyes on? Their answers run the gamut from tools and technologies to threats, tactics, and training.