A multitude of arrows pierce a target. [numerous attacks / quantity / severity]

IoT, connected devices biggest contributors to expanding application attack surface

New report shines light on application security challenges impacting global businesses.

Two developers collaborate on a project as they review code on a display in their workspace.

Guardz debuts with cybersecurity-as-a-service for small businesses

An easy-to-use cybersecurity toolkit from Tel Aviv-based startup Guardz targets small and medium-size businesses (SMBs).

database woman in tablet mobile

Privacera connects to Dremio’s data lakehouse to aid data governance

The integration of open-source based Privacera into Dremio’s data lakehouse is designed to allow joint customer enterprises to manage and organize secure data access.


Multifactor authentication  >  Mobile phone verification of a permission request for laptop login.

Trulioo launches end-to-end identity platform

The new Trulioo platform will combine all existing Trulioo products into a single platform, allowing the ID verification firm to target global enterprise customers.

social engineering fraud impersonation neon face with hoodie by photo by sebastiaan stam on unsplash

Threat actors abuse Microsoft’s “verified publisher” status to exploit OAuth privileges

Proofpoint discovers threat actors targeting verified status in the Microsoft environment to abuse OAuth privileges and lure users into authorizing malicious apps.

international flags / global business discussion

New UN cybercrime convention has a long way to go in a tight timeframe

Nations around the world are hammering out a new cybercrime convention, but some UN members seek to criminalize activities that are not bona fide crimes.

Conceptual binary vault security mechanism.

How to survive below the cybersecurity poverty line

The security poverty line has become the benchmark of acceptable cybersecurity for businesses. Here are the factors that determine that benchmark and advice for those below it.

help wanted data center network room it shortage now hiring by yinyang getty

Economic headwinds could deepen the cybersecurity skills shortage

Security professionals will remain in high demand, but economic fallout will make hiring even harder.

vulnerable breach cyberattack hacker

Hackers abuse legitimate remote monitoring and management tools in attacks

Researchers and government agencies warn that threat actors are increasing their use of commercial RMM tools to enable financial scams.

Ransomware  >  A masked criminal ransoms data for payment.

FBI takes down Hive ransomware group in an undercover operation

FBI covertly infiltrated the Hive network—which has targeted more than 1,500 victims in over 80 countries around the world—and thwarted over $130 million in ransom demands.


conference / convention / audience / applause / clapping

The CSO guide to top security conferences

Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.

Patch + update options  >  Pixelized tools + refresh symbol with branching paths

9 API security tools on the frontlines of cybersecurity

Top API security tools can help hold the line against modern threats to the important and ubiquitous software development interfaces.

cso security hacker breach ransomeware gettyimages 1081349274 by sestovic 2400x1600px

Recent legal developments bode well for security researchers, but challenges remain

Security researchers gained greater federal legal protections over the past two years, but US state laws and China’s recently adopted vulnerability disclosure law pose threats.

binary code, magnifying lens, skull and crossbones

Attackers move away from Office macros to LNK files for malware delivery

Barriers that Microsoft has placed to prevent malicious macros has forced some cybercriminals to use LNK files for malware delivery, but at the cost of easier detection.

man in boat surrounded by sharks risk fear decision attack threat by peshkova getty

Chinese threat actor DragonSpark targets East Asian businesses

The group is seen using SparkRAT, a multi-platform remote access Trojan, to target firms in Hong Kong, Taiwan, China, and Singapore.