news analysis: LogoFAIL attack can inject malware in the firmware of many computers
Researchers have shown how attackers can deliver malicious code into the UEFI of many PCs through BIOS splash screen graphics.
By Lucian Constantin | Dec 08, 2023 | 8 mins | Malware, Cybercrime

news analysis: Attackers breach US government agencies through ColdFusion flaw
By Lucian Constantin | Dec 06, 2023 | 5 mins | Advanced Persistent Threats

feature: 20 years of Patch Tuesday: it’s time to look outside the Windows when fixing vulnerabilities
By Susan Bradley | Dec 06, 2023 | 6 mins | Windows Security

news analysis: Russia's Fancy Bear launches mass credential collection campaigns
By Lucian Constantin | Dec 05, 2023 | 5 mins | Advanced Persistent Threats

feature: 3 ways to fix old, unsafe code that lingers from open-source and legacy programs
By Maria Korolov | Nov 29, 2023 | 9 mins | Security Practices, Vulnerabilities, Security

news: Flaw in Citrix software led to the recent cyberattack on Boeing: Report
By Gagandeep Kaur | Nov 22, 2023 | 3 mins | Vulnerabilities

news: MOVEit carnage continues with over 2600 organizations and 77M people impacted so far
By Gagandeep Kaur | Nov 21, 2023 | 3 mins | Data Breach, Vulnerabilities

news analysis: Intel patches high-severity CPU privilege escalation flaw
By Lucian Constantin | Nov 15, 2023 | 4 mins | Vulnerabilities

news analysis: Cisco patches serious flaws in Firepower and Identity Services Engine
By Lucian Constantin | Nov 06, 2023 | 4 mins | Network Security, Vulnerabilities

Articles

news: ChatGPT “not a reliable” tool for detecting vulnerabilities in developed code
NCC Group report claims machine learning models show strong promise in detecting novel zero-day attacks.
By Michael Hill | Oct 04, 2023 | 3 mins | DevSecOps

news: Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks
The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks.
By Shweta Sharma | Oct 03, 2023 | 3 mins | Android Security, Mobile Security

news: Cybersecurity experts raise concerns over EU Cyber Resilience Act’s vulnerability disclosure requirements
Open letter claims current provisions will create new threats that undermine the security of digital products and individuals.
By Michael Hill | Oct 03, 2023 | 4 mins | Regulation

news: New Trojan ZenRAT masquerades as Bitwarden password manager
A report by Proofpoint identifies the new Trojan as undocumented and possessing information-stealing capabilities.
By Lucian Constantin | Sep 28, 2023 | 4 mins | Cyberattacks, Hacking, Data and Information Security

news: Gitlab fixes bug that exploited internal policies to trigger hostile pipelines
It was possible for an attacker to run pipelines as an arbitrary user via scheduled security scan policies.
By Shweta Sharma | Sep 21, 2023 | 3 mins | Vulnerabilities

feature: Key findings from the CISA 2022 Top Routinely Exploited Vulnerabilities report
CISA’s recommendations for vendors, developers, and end-users promote a more secure software ecosystem.
By Chris Hughes | Sep 21, 2023 | 8 mins | Zero Trust

news: Microsoft reveals memory corruption bugs in ‘ncurses’ library
The research reveals that the vulnerabilities can allow attackers to gain unauthorized access to systems and data by modifying a program’s memory.
By Shweta Sharma | Sep 18, 2023 | 3 mins | Vulnerabilities

news analysis: Automotive supply chain vulnerable to attack as cybersecurity regulation looms
Almost two-thirds of automotive industry leaders believe their supply chain is vulnerable to cyberattacks, with many behind the curve on upcoming international regulation.
By Michael Hill | Sep 14, 2023 | 5 mins | Regulation, Automotive Industry, Supply Chain

news analysis: New Kubernetes vulnerability allows privilege escalation in Windows
Attackers can abuse YAML configuration files to execute malicious commands in Windows hosts.
By Lucian Constantin | Sep 13, 2023 | 4 mins | DevSecOps, Application Security, Vulnerabilities

news analysis: Severe Azure HDInsight flaws highlight dangers of cross-site scripting
Microsoft flagged the now-patched vulnerabilities as important, and they serve as a reminder to implement proper XSS defenses.
By Lucian Constantin | Sep 13, 2023 | 5 mins | Internet Security, Vulnerabilities

feature: Emerging cyber threats in 2023 from AI to quantum to data poisoning
In cybersecurity’s never-ending cat-and-mouse game with hackers and grifters, the threats are always evolving. Here are some of the main attacks experts see as the biggest and baddest on the horizon.
By Mary K. Pratt | Sep 07, 2023 | 10 mins | Advanced Persistent Threats, Hacking, Threat and Vulnerability Management

news: New research reveals most-attacked, most-vulnerable assets
While medical devices are the most susceptible to unpatched CVEs, operational technology assets are the most attacked.
By Michael Hill | Sep 05, 2023 | 4 mins | Critical Infrastructure, Network Security, Vulnerabilities

Video on demand

video: Printers: The overlooked security threat in your enterprise | TECHtalk
Printers, often a forgotten target in the enterprise, are vulnerable to all the usual cyberattacks. Watch as IDG TECH(talk) hosts Ken Mingis and Juliet Beauchamp and CSO Online's J.M. Porup discuss the threats to these devices, plus how to secure them and protect your network.
Nov 07, 2019 | 20 mins | Hacking, Printers, Vulnerabilities

video: Don't ignore application security | Salted Hash Ep 35
Jul 23, 2018 | 18 mins | Application Security, Vulnerabilities, Security

video: The Dyn cyberattack, one year later | Salted Hash Ep 11
Dec 11, 2017 | 22 mins | Cybercrime, Internet of Things, Vulnerabilities