News

Botnet Trouble / Botnet army
DDOS attack

Privacy Shield and Brexit: What now? What next?

Once the UK leaves the European Union, companies on both sides of the Atlantic will need to act to ensure compliant data flows between the UK and US under Privacy Shield.

New NetCAT CPU side-channel vulnerability exploitable over the network

NetCAT takes advantage of Intel DDIO technology to remotely execute keystroke timing attacks.

IoT vendors ignore basic security best practices, CITL research finds

New measurements by the CITL mass fuzzing project show just how bad things really are--and how IoT device makers could radically increase binary security with one day of engineering work.

Cloud Security

Cloud security: Inside the shared responsibility model

The Capital One security fiasco has underlined that securing the cloud is a complicated problem, both technological and contractual.

SMS-based provisioning messages enable advanced phishing on Android phones

Attackers can use this vulnerability to send highly credible phishing messages. Victims' internet traffic is then routed through the attacker's proxy.

Insecure virtual USB feature in Supermicro BMCs exposes servers to attack

Security researchers have found a way to attach virtual USB devices remotely to Supermicro servers, including over the internet, by abusing a feature in their baseboard management controller software.

Improving BGP routing security by minding your MANRS

Enterprises can improve their routing security for modest costs, according to the Mutually Agreed Norms for Routing Security (MANRS) project.

Security executives on the move and in the news

Find up-to-date news of CSO, CISO and other senior security executive appointments.

FaceApp sparks a frenzied witch hunt, but concerns around facial recognition valid

The vastly popular Russia-born FaceApp has the internet in a tizzy. The US, quick to sniff out a Russian conspiracy, is crying wolf over privacy concerns. It does have a point, though.

GDPR clocks over USD 294 million in penalties so far; British Airways latest on hit list

The tough-as-nails GDPR mandate has imposed its biggest penalty yet on British Airways.

More critical Remote Desktop flaws expose Windows systems to hacking

Microsoft finds and fixes multiple RDS and RDP vulnerabilities in Windows, but new research on BlueKeep patch rates suggests many machines could remain exposed.

ICS security: Popular building management system vulnerable to takeover

Remotely exploitable vulnerability in internet-connected devices gives attackers a means to cause disruption and damage in a wide range of industries.

Popular Avaya enterprise VoIP phones are vulnerable to hacking

Attackers can use the vulnerability to gain complete control of the phone. It underscores the risks of using old open-source code in IoT devices.

Black Hat keynote: Why security culture needs to change

Dino Dai Zovi tells Black Hat audience to embrace a culture where security is everyone's job and risks are shared. Automation with feedback loops is also key to solving security challenges at scale.

Inside the 2014 hack of a Saudi embassy

According to documents seen by CSO, an unknown attacker took control of the official email account of the Saudi embassy in The Netherlands and demanded a ransom of $50 million for ISIS.

New Spectre-like CPU vulnerability bypasses existing defenses

The SWAPGS vulnerability can allow attackers to access contents of kernel memory addresses. Microsoft and Intel have coordinated on a mitigation.

Critical VxWorks flaws expose millions of devices to hacking

Researchers have found 11 serious vulnerabilities in VxWorks, the world's most popular real-time operating system (RTOS) that powers over 2 billion devices including enterprise network firewalls and routers, industrial controllers and...

15 signs you've been hacked -- and how to fight back

Redirected internet searches, unexpected installs, rogue mouse pointers: Here's what to do when you've been hacked.
