BrandPost: Secure SD-WAN Improves Network Protection in Fuel Distribution System
Customer PerspectivesA petroleum distribution business developed innovative ideas for increasing customer loyalty, but it needed to upgrade its technology infrastructure to bring those concepts to life.The company, which operates several hundred full-service gas stations, wanted to provide direct internet...
BrandPost: Helping Healthcare Win Its Other Big Battle: Cyberattacks
Anyone running a business is likely familiar with the phrase “building the plane as you’re flying it.” And through the craziness of the past 19 months, many of us lived the phrase, becoming pilots and engineers of our new...
BrandPost: Scary Cyber Threats and Sweet Solutions
Do the words Zombiebots, Gh0st, Beast, and Creeper send shivers up your spine? They should. These are the names of top malware that could be haunting your programs and email right now! Building a cyber defense plan may seem scary. What is even scarier:...
Cheap and free cybersecurity training: 8 ways to build skills without breaking the bank
Every organization wants to keep its employees’ cybersecurity skills up to date, but for many, the cost of advanced formal trainings can break the budget. At the SANS Institute, for instance, considered by many to be the gold standard...
10 essential skills and traits of ethical hackers
What if you could spend your days trying to gain access to other people's networks and computer systems—and not get in trouble for it? Of course, that's every spy and cybercriminal's dream, but only ethical hackers, also known as...
BrandPost: Overcoming Today’s Top Distributed Workforce Security Challenges
The future of work arrived much more abruptly than anticipated, bringing with it many pressing security challenges. The global pandemic forced organizations of all types and sizes to support remote work overnight, and it’s clear that we’re not going...
How deepfakes enhance social engineering and authentication threats, and what to do about it
Deepfake technology is an escalating cybersecurity threat to organizations. Cybercriminals are investing in AI and machine learning to create synthetic or manipulated digital content (including images, video, audio and text) for use in cyberattacks and fraud. This content can...
Reddit’s Allison Miller builds trust through transparency
Allison Miller’s official title—CISO and vice president of trust—says a lot about her role and responsibilities at Reddit.Like all CISOs, Miller oversees the cybersecurity strategy and operations at the 16-year-old company. She’s also in charge of privacy, ensuring that...
BrandPost: CIS CSAT Pro v1.7: CIS Controls v8 Assessment and More
The CIS Controls Self Assessment Tool (CIS CSAT) allows organizations to perform assessments on their implementation of the CIS Critical Security Controls (CIS Controls). You can track progress over time and identify areas for improvement. CIS CSAT Pro is...
Security Recruiter Directory
Looking for a qualified candidate or new job? CSO's security recruiter directory is your one-stop shop.The recruiters listed below can help you find your next chief information security officer (CISO) or VP of security and fill hard-to-hire positions in...
Decline in ransomware claims could spark change for cyber insurance
New data highlighting fluctuations relating to ransomware attack and payment claims indicates significant shifts in the cyberthreat landscape. Could such variations trigger changes in the cyber insurance market and, if so, how will they impact insurance carriers and organizations?
Shifting...
What is Magecart? How this hacker group steals payment card data
Magecart definition
Magecart is a consortium of malicious hacker groups who target online shopping cart systems, usually the Magento system, to steal customer payment card information. This is known as a supply chain attack. The idea behind these attacks is...
Kraft Heinz dishes up security transformation
Ricardo Lafosse walked into the CISO post at Kraft Heinz Co. in February 2020 with a mission to modernize. And he had a plan.Lafosse envisioned transforming the company’s security program through a four-pillared initiative focused on visibility, team structure,...
Detecting anomalies with TLS fingerprints could pinpoint supply chain compromises
Intrusions where hackers compromise the infrastructure of software developers and Trojanize their legitimate updates are hard to detect by users of the impacted software products, as highlighted by multiple incidents over the past several years. Researchers agree there is...
SSRF attacks explained and how to defend against them
SSRF attack definition
Server-side request forgery (SSRF) attacks consist of an attacker tricking the server into making an unauthorized request. The name itself implies that a request that should have otherwise been made by the server has been forged by...
(ISC)2 pilots new entry-level cybersecurity certification to tackle workforce shortages
Global cybersecurity membership association (ISC)2 has announced plans to pilot a new entry-level cybersecurity certification to validate the fundamental skills and abilities necessary for entry-level positions. Aimed at addressing cybersecurity workforce shortages, the new certification will provide employers means...
New Windows browser security options and guidance: What you need to know
As we move cloud computing, your browser is your operating system. While we tend to hold back in business patching to ensure there are no side effects, it can be dangerous to tak that approach with browser patching. Case...
8 top multifactor authentication products and how to choose an MFA solution
Today’s credential-based attacks are much more sophisticated. Whether it’s advanced phishing techniques, credential stuffing, or even credentials compromised through social engineering or breaches of a third-party service, credentials are easily the most vulnerable point in defending corporate systems. All...
White House international ransomware initiative outlines hopes and challenges
The White House’s Counter-Ransomware Initiative event, facilitated by the National Security Council (NSC), concluded two days of public-facing and closed-door sessions. Present were ministers and representatives from more than 30 countries and the European Union.
To read this article in...
6 zero trust myths and misconceptions
Interest in zero trust is surging, according to IDG’s 2020 Security Priorities Study, with 40% of survey respondents saying they are actively researching zero trust technologies, up from only 11% in 2019, and 18% of organizations indicating they already...
China Telecom booted out of USA as Feds worry it could disrupt or spy on local networks
FCC urges more action against Huawei and DJI, too The US Federal Communications Commission (FCC) has terminated China Telecom's authority to provide communications services in the USA.…
150 People Arrested in US-Europe Darknet Drug Probe
Law enforcement officials in the U.S. and Europe have arrested 150 people and seized more than $31 million in an international drug trafficking investigation stemming from sales on the darknet, the Justice Department said Tuesday.
read more
Free Tool Helps Security Teams Measure Their API Attack Surface
Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.
SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike
Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.
North Korea's Lazarus Group Turns to Supply Chain Attacks
State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.
