News

Cloud Security

Cloud security: Inside the shared responsibility model

The Capital One security fiasco has underlined that securing the cloud is both a complicated technology and contractual problem.

United States national government cybersecurity > Diverse hands surround/protect the U.S. Capitol.

Leader of new NSA Cybersecurity Directorate outlines threats, objectives

Director Anne Neuberger says her group will focus on ransomware, threats to US elections, and nation-state influence operations.

SMS phishing / smishing > Mobile phone displays text bubble with skull + crossbones

SMS-based provisioning messages enable advanced phishing on Android phones

Attackers can use this vulnerability to send highly credible phishing messages. Victims' internet traffic is then routed through the attacker's proxy.

blue mother board circuitry computer chip processor harddrive

Insecure virtual USB feature in Supermicro BMCs exposes servers to attack

Security researchers have found a way to attach virtual USB devices remotely to Supermicro servers, including over the internet, by abusing a feature in their baseband management controller software.

Japanese bowing etiquette / manners / digital connections

Improving BGP routing security by minding your MANRS

Enterprises can improve their routing security for modest costs, according to the Mutually Agreed Norms for Routing Security (MANRS) project.

Conceptual image of a network of executives / silhouettes of executives in motion.
Movers and ShakersBy

Security executives on the move and in the news

Find up-to-date news of CSO, CISO and other senior security executive appointments.

CSO > Digital identity > personal identity / recognition + access authentication / personal data

Taxpayer First Act: Improving identity verification and modernizing the IRS

With citizens' PII at risk, some federal agencies like the IRS are moving away from knowledge-based verification. It's time for them all to follow suit.

Windows security and protection [Windows logo/locks]

More critical Remote Desktop flaws expose Windows systems to hacking

Microsoft finds and fixes multiple RDS and RDP vulnerabilities in Windows, but new research on BlueKeep patch rates suggests many machines could remain exposed.

CSO > IoT / Internet of Things, unencrypted/unsecured/vulnerable

ICS security: Popular building management system vulnerable to takeover

Remotely exploitable vulnerability in internet-connected devices gives attackers a means to cause disruption and damage in a wide range of industries.

election hacking security 2020 election security flag global breach by stuartmiles99 getty

U.S. Rep Lieu hopeful for election security bill prospects

Congressman sees Republican softening on gun legislation as a sign they might be willing to consider election security. Calls on the security community to expose election system weaknesses.

many office desk phones

Popular Avaya enterprise VoIP phones are vulnerable to hacking

Attackers can use the vulnerability to gain complete control of the phone. It underscores the risks of using old open-source code in IoT devices.

teamwork collaboration / leadership / development / developers / abstract data

Black Hat keynote: Why security culture needs to change

Dino Dai Zovi tells Black Hat audience to embrace a culture where security is everyone's job and risks are shared. Automation with feedback loops also key to solving security challenges at scale

binary code matrix

Inside the 2014 hack of a Saudi embassy

According to documents seen by CSO, an unknown attacker took control of the official email account of the Saudi embassy in The Netherlands and demanded a ransom of $50 million for ISIS.

compromised data / security breach / vulnerability

New Spectre-like CPU vulnerability bypasses existing defenses

The SWAPGS vulnerability can allow attackers to access contents of kernel memory addresses. Microsoft and Intel have coordinated on a mitigation.

binary code matrix broken / breached / failed / hacked / security risk / threat / vulnerability

Critical VxWorks flaws expose millions of devices to hacking

Researchers have found 11 serious vulnerabilities in VxWorks, the world's most popular real-time operating system (RTOS) that powers over 2 billion devices including enterprise network firewalls and routers, industrial controllers and...

hacked computer security symbol hacked rot

15 signs you've been hacked -- and how to fight back

Redirected internet searches, unexpected installs, rogue mouse pointers: Here's what to do when you've been hacked.

CSO > Equifax data breach

Equifax’s data breach disaster: Will it change executive attitudes toward security?

Equifax's 2017 breach will cost it billions in fines, customer restitution and mandated and voluntary security improvements. All organizations that profit from consumer data should take notice.

election hacking security 2020 election security flag global breach by stuartmiles99 getty

Why getting election security right for 2020 matters

The U.S. is moving at glacial speed to secure election systems against possible interference by foreign adversaries. We're not even close to ready, and that could call contests into question.

Composite image of binary code and biometric fingerprint scanning authorization.

Companies with zero-trust network security move toward biometric authentication

According to new research, more companies are enabling biometric authentication on devices to verify access requests.

CSO > ransomware / security threat

To pay or not pay a hacker’s ransomware demand? It comes down to cyber hygiene

A recent call for city leaders to stop paying ransomware demands underscores the need for municipalities to step up their cyber practices and have a good backup process in place.

Load More