Advertisement

Security threat   >   One endpoint on a network has been compromised.

How to choose an endpoint protection suite

Endpoint protection has come a long way since the days of dedicated antivirus servers. Here are the basic and more advanced features to look for in an enterprise endpoint protection suite.


cybersecurity ts

MITRE ATT&CK, VERIS frameworks integrate for better incident insights

The MITRE ATT&CK/VERIS collaboration aims to create a common dictionary for communicating information about security incidents.


intro crew highly effective teams rowing

Seven strategies for building a great security team

The dangers of a dysfunctional security team are easy to imagine, ranging from difficulty attracting and retaining talent to putting your organization at risk. These seven steps can make a world of difference.


Advertisement

A man and woman sit on opposite sides of an office desk, in discussion.

Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.


programmer developer devops apps developer code hacker dark secrets by peopleimages getty

10 top API security testing tools

Application programming interfaces have become a favorite target for attackers. These tools and platforms (both commercial and open source) will help identify errors, vulnerabilities, and excessive permissions.


cso security hack breach water leak gettyimages 466029458 by firmafotografen 2400x1600px

Exchange Autodiscover feature can cause Outlook to leak credentials

A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook and other third-party Exchange client applications to leak plaintext Windows domain credentials to external servers. Here’s what companies can do now to...


zeroday software bug skull and crossbones security flaw exploited danger vulnerabilities by gwengoa

How to mitigate the Microsoft Office zero-day attack

Follow this advice to block malicious Office files from doing harm to your network even if you've implemented Microsoft's recommended actions.


red padlock cybersecurity threat ransomeware

The Kaseya ransomware attack: A timeline

REvil's ransomware attack on software provider Kaseya underscored the threats to supply chains that ransomware groups pose. Here is an up-to-date timeline of the attack.


One person uses a calculator while another reviews financial data.

The new math of cybersecurity value

An increasing number of CISOs are devising a new set of metrics to show how they’re impacting risk at their organizations.


job growth climbing the corporate ladder promotion stairs corporate govenernance new job nathan dum

CRISC certification: Your ticket to the C-suite?

Certified in Risk and Information Systems Control (CRISC) is a certification that focuses on enterprise IT risk management. Learn about the exam, prerequisites, study guides, and potential salary.


Advertisement

security threats and vulnerabilities

APT actors exploit flaw in ManageEngine single sign-on solution

US government agencies urge immediate action to look for indicators of compromise and, if found, take recommended steps to mitigate.


radar grid / computer circuits / intrusion detection / scanning
Cybersecurity Snippets

5 observations about XDR

The technology is evolving, so security professionals and pundits must be open-minded and closely track market developments.


A U.S. dollar sign casts a question mark shadow.

7 unexpected ransomware costs

Indirect costs related to a ransomware attack can add up over time. These are the expenses and financial risks that CISOs should be aware of.


CSO  >  secure mergers + acquisitions / floating puzzles pieces / abstract security mechanisms

Top cybersecurity M&A deals for 2021

The cybersecurity market is hot, and vendors are buying competitors to solidify their position or acquiring other firms to expand their offerings.


danger lurking in mobile binary code

How APTs become long-term lurkers: Tools and techniques of a targeted attack

A new McAfee report details the tools and techniques an APT group used to go undetected on a client network for over a year.