New Intel firmware boot verification bypass enables low-level backdoors

By replacing a PC's SPI flash chip with one that contains rogue code, an attacker can gain full, persistent access.

Is the cybersecurity skills shortage getting worse?

New research indicates that things are not improving for filling the demand for cybersecurity skills. The ramifications are widespread.

What is phishing? How this cyber attack works and how to prevent it

Phishing is a method of trying to gather personal information using deceptive e-mails and websites. Here's what you need to know about this venerable, but increasingly sophisticated, form of cyber attack.

Security executives on the move and in the news

Find up-to-date news of CSO, CISO and other senior security executive appointments.

‘Nuff said!

The Marvel Cinematic Universe started in comic books as the creations of three main visionaries: Stan Lee, Jack Kirby and Steve Ditko. They weren’t always successful. Through following the vision of their creators, a new group was...

What should your company’s change password policy be?

Microsoft's recent dropping of its maximum password age default renews the debate over forced password changes. Here's why you should continue to expire passwords.

How to outwit attackers using two Windows registry settings

These Microsoft Windows registry settings will prevent attackers from scheduling tasks that will hide their activities or gain unauthorized access.

What is opsec? A process for protecting critical information

Opsec, which stands for operations security, is a process by which organizations assess and protect public data about themselves that could, if properly analyzed and grouped with other data by a clever adversary, reveal a bigger...

What is GPS spoofing? And how you can defend against it

The U.S. Global Positioning System, part of a network of global navigation satellite systems (GNSS), is vulnerable to attacks that could disrupt many industries. Here's how it works and what you can do to mitigate its risk.

How to get started using Ghidra, the free reverse engineering tool

The Ghidra reverse engineering tool is free to download and use and is a worthy alternative to incumbent IDA Pro. Here's what you need to know to get started. (Some assembly required.)

North Dakota: An innovative and leading cybersecurity state

North Dakota is addressing the cybersecurity skills shortage with policies and programs for government, education, and business.

FINRA Rule 4512: U.S. SEC approves electronic signatures

The updated FINRA Rule 4512(a)(3) is now in effect, striking a blow against outdated regulations.

Public SAP exploits could enable attacks against thousands of companies

A recently released exploit takes advantage of a known configuration vulnerability that persists among many on-premise and cloud SAP instances. Here's what companies using SAP should do.

Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.

How Akamai implemented a zero-trust model

An effort that was triggered by a nation-state attack nine years ago has fundamentally transformed how people and devices access apps and services, limiting damage from lateral movement.

Why unauthenticated SMS is a security risk

Multifactor authentication that uses SMS messaging as a second factor is vulnerable to simple hacks. User education is the best defense.

9 types of malware and how to recognize them

Think you know your malware? Here's a refresher to make sure you know what you're talking about — with basic advice for finding and removing malware when you've been hit.

Why local governments are a hot target for cyberattacks

Recent ransomware and other attacks underscore the value attackers see in the data stored in city and regional government systems. Here's why they are vulnerable and what they can do to reduce the threat.

5 threat detection and response technologies are coming together

Organizations use too many disparate point tools to detect and respond to cyber threats in a timely manner. As a result, CISOs want tight integration and interoperability across five cybersecurity technologies.

How to enable the Windows Potentially Unwanted Application (PUA) feature

Turning on the PUA setting helps avoid users falling prey to malicious drive-by downloads.
