News Analyses

A censorship label is splashed across an image of a man hiding behind his laptop.

TLS attacks and anti-censorship hacks

Despite safeguards in TLS 1.3, China is still censoring HTTPS communications, according to a new report. There are workarounds to this. Plus, how TLS can be used as an attack vector.

hybridcloud

Hybrid cloud complexity, rush to adopt pose security risks, expert says

Organizations rushing to adopt hosted cloud infrastructure alongside on-premises systems might not fully understand or address potential security threats.

dark secrets of devops code secret quiet by kristina flour unsplash

The state of application security: What the statistics tell us

Companies are moving toward a DevSecOps approach to application development, but problems remain with security testing ownership and open-source code vulnerabilities.

data keys encryption password by gerd altmann cc0 via pixabay

Mathematical Mesh alpha release promises better end-to-end encryption

Web pioneer proposes a new cryptographic system that relies on threshold key infrastructure to improve end-to-end encryption.

United States-United Kingdom flags with binary data flow under a magnifying lens.

What the end of Privacy Shield, Brexit mean for UK-US data flows

The fall of US data agreement further complicates the post-Brexit data situation for many companies.

CSO  >  Searching for vulnerabilities  >  Magnifying lens in a virtual interface idnetifies weakness

Linux GRUB2 bootloader flaw breaks Secure Boot on most computers and servers

The vulnerability can also affect Windows systems. A patch is available, but will require manual testing and deployment.

United States Capitol building / United States Congress / abstract security concept

Many Cyberspace Solarium Commission recommendations expected to become federal law

Dozens of cybersecurity measures designed to protect US businesses and infrastructure are part of the National Defense Authorization Act. Budget, political concerns might eliminate some.

A pattern of Twitter-like bird icons and binary code is broken / breached / hacked.

Twitter hack raises alarm among government officials, security experts

The recent account takeover attack underscores how Twitter and other social platforms have become a critical component of political systems worldwide.

CSO slideshow - Insider Security Breaches - Two-faced businessman removes his mask in a binary world

Twitter VIP account hack highlights the danger of insider threats

The account compromise raises questions about Twitter's controls. Experts weigh in on best practices for mitigating risk from malicious or accidental insider threats.

GDPR / data privacy / protection

EU court invalidates Privacy Shield data transfer agreement

US companies receiving EU personal data under Privacy Shield will need to find a replacement legal mechanism, and the decision could affect data protection policies and procedures.

computer worm

Wormable DNS flaw endangers all Windows servers

The SIGRed vulnerability can spread malware across a network without user interaction. Microsoft has issued an urgent patch.

Election security / vulnerabilities / United States flag overlays voting ballot and unsecured lock

Time running out to protect US November elections

Experts say it's too late for significant legislative action to better protect voting this fall, but meaningful changes are still possible.

Google Cloud

Google Cloud steps up security and compliance for applications, government

New Google Cloud offerings Confidential VMs and Assured Workloads for Government provide in-process data encryption and the ability to restrict storage locations, respectively.

broken lock amid binary code and circuits

Critical flaw allows hackers to breach SAP systems with ease

SAP NetWeaver Application Server Java vulnerability can be exploited without authentication and lead to complete system takeover. Patch now.

power plant utilities energy innovation industrial iot american public power association unsplash

New DOE document names China, Russia as threats to US bulk power system

A US Department of Energy RFI seeks information on energy industry's supply chain security practices following executive order to develop industry regulations.

5G light trails

Domestic 5G development at core of US communications security plan

New NTIA document outlines White House 5G security goals, which promote home-grown R&D and call for continuous risk assessment and management.

USA / United States of America stars + stripes and binary code superimposed over The White House

Bipartisan bill could bring back the White House national cyber director role

Cyberspace Solarium Commission leaders introduce the National Cyber Director Act to reintroduce cybersecurity expertise into the White House.

Glowing blue montage of hand keying in password at ATM

Vulnerable drivers can enable crippling attacks against ATMs and POS systems

Newly discovered vulnerabilities could allow more persistent and destructive attacks on popular models of ATM and POS devices.

backdoor / abstract security circuits, locks and data blocks

New Republican bill latest in long line to force encryption backdoors

Here we go again. Senate Republicans push a new bill to mandate "lawful access" to encrypted devices and data. It won't end until law enforcement has better cyber forensics capabilities.

CSO slideshow - Insider Security Breaches - Flag of China, binary code

Data security risks threaten approval of Chinese undersea cable plan

The US government's "Team Telecom" wants to partially deny a proposed undersea cable connection between the US and Hong Kong over surveillance, data theft concerns.

Load More