News

CSO slideshow - Insider Security Breaches - Flag of China, binary code
Botnet Trouble / Botnet army

DDOS attack

Misconfigured WS-Discovery in devices enable massive DDoS amplification

Researchers were able to achieve amplification rates of up to 15,300%. Some mitigations are possible.

Brexit / privacy  >  Binary data + a U.K. umbrella drifting away on a sea branded with an E.U. flag

Privacy Shield and Brexit: What now? What next?

Once the UK leaves the European Union, companies on both sides of the Atlantic will need to act to ensure compliant data flows between the UK and US under Privacy Shield.

Hands typing on a laptop keyboard binary code and a hazard symbol on screen.

New NetCAT CPU side-channel vulnerability exploitable over the network

NetCAT takes advantage of Intel DDIO technology to remotely execute keystroke timing attacks.

Internet of Things (IoT) / security alert / wireless network management

IoT vendors ignore basic security best practices, CITL research finds

New measurements by the CITL mass fuzzing project show just how bad things really are--and how IoT device makers could radically increase binary security with one day of engineering work.

Cloud Security

Cloud security: Inside the shared responsibility model

The Capital One security fiasco has underlined that securing the cloud is both a complicated technology and contractual problem.

United States national government cybersecurity  >  Diverse hands surround/protect the U.S. Capitol.

Leader of new NSA Cybersecurity Directorate outlines threats, objectives

Director Anne Neuberger says her group will focus on ransomware, threats to US elections, and nation-state influence operations.

SMS phishing / smishing  >  Mobile phone displays text bubble with skull + crossbones

SMS-based provisioning messages enable advanced phishing on Android phones

Attackers can use this vulnerability to send highly credible phishing messages. Victims' internet traffic is then routed through the attacker's proxy.

blue mother board circuitry computer chip processor harddrive

Insecure virtual USB feature in Supermicro BMCs exposes servers to attack

Security researchers have found a way to attach virtual USB devices remotely to Supermicro servers, including over the internet, by abusing a feature in their baseband management controller software.

Japanese bowing etiquette / manners / digital connections

Improving BGP routing security by minding your MANRS

Enterprises can improve their routing security for modest costs, according to the Mutually Agreed Norms for Routing Security (MANRS) project.

Conceptual image of a network of executives / silhouettes of executives in motion.

Security executives on the move and in the news

Find up-to-date news of CSO, CISO and other senior security executive appointments.

CSO  >  Digital identity  >  personal identity / recognition + access authentication / personal data

Taxpayer First Act: Improving identity verification and modernizing the IRS

With citizens' PII at risk, some federal agencies like the IRS are moving away from knowledge-based verification. It's time for them all to follow suit.

Windows security and protection [Windows logo/locks]

More critical Remote Desktop flaws expose Windows systems to hacking

Microsoft finds and fixes multiple RDS and RDP vulnerabilities in Windows, but new research on BlueKeep patch rates suggests many machines could remain exposed.

CSO > IoT / Internet of Things, unencrypted/unsecured/vulnerable

ICS security: Popular building management system vulnerable to takeover

Remotely exploitable vulnerability in internet-connected devices gives attackers a means to cause disruption and damage in a wide range of industries.

election hacking security 2020 election security flag global breach by stuartmiles99 getty

U.S. Rep Lieu hopeful for election security bill prospects

Congressman sees Republican softening on gun legislation as a sign they might be willing to consider election security. Calls on the security community to expose election system weaknesses.

many office desk phones

Popular Avaya enterprise VoIP phones are vulnerable to hacking

Attackers can use the vulnerability to gain complete control of the phone. It underscores the risks of using old open-source code in IoT devices.

teamwork collaboration / leadership / development / developers / abstract data

Black Hat keynote: Why security culture needs to change

Dino Dai Zovi tells Black Hat audience to embrace a culture where security is everyone's job and risks are shared. Automation with feedback loops also key to solving security challenges at scale

binary code matrix

Inside the 2014 hack of a Saudi embassy

According to documents seen by CSO, an unknown attacker took control of the official email account of the Saudi embassy in The Netherlands and demanded a ransom of $50 million for ISIS.

compromised data / security breach / vulnerability

New Spectre-like CPU vulnerability bypasses existing defenses

The SWAPGS vulnerability can allow attackers to access contents of kernel memory addresses. Microsoft and Intel have coordinated on a mitigation.

Load More