To kill BlackLotus malware, patching is a good start, but... | ...that alone 'could provide a false sense of security,' NSA warns in this handy free guide for orgs | CSO | 22 Jun 2023 | 4
FTC accuses DNA testing company of lying about dumping samples | 1Health must strengthen protections for genetic information as part of settlement | CSO | 21 Jun 2023 | 4
US government hit by Russia's Clop in MOVEit mass attack | CISA chief tells us exploitation 'largely opportunistic', not on same level of SolarWinds | CSO | 15 Jun 2023 | 7
Chinese spies blamed for data-harvesting raids on Barracuda email gateways | Snoops 'aggressively targeted' specific govt, academic accounts | CSO | 15 Jun 2023 | 2
LockBit victims in the US alone paid over $90m in ransoms since 2020 | As America, UK, Canada, Australia and friends share essential bible to detect and thwart infections | CSO | 14 Jun 2023 | 2
Clop ransomware crew sets June extortion deadline for MOVEit victims | Plus: The Feds weigh in with advice, details | CSO | 07 Jun 2023 | 2
US govt now bans TikTok from contractors' work gear | BYODALAINGTI (as long as it's not got TikTok installed) | CSO | 06 Jun 2023 | 11
SEC drops 42 cases after staff bungle data protection | Corporate watchdog fouled its info-separation regime, let the wrong people read sensitive docs | CSO | 06 Jun 2023 | 2
Microsoft stashes nearly half a billion in case LinkedIn data drama hits | Irish regulators sniffing around Facebook-for-suits subsidiary have threatened fine | CSO | 02 Jun 2023 | 12
90+ orgs tell Slack to stop slacking when it comes to full encryption | Protests planned for Wednesday in San Francisco and Denver | CSO | 30 May 2023 | 8
Microsoft decides it will be the one to choose which secure login method you use | Certificate-based authentication comes first and phones last | CSO | 18 May 2023 | 55
'Strictly limit' remote desktop – unless you like catching BianLian ransomware | Do it or don't. We're not cops. But the FBI are, and they have this to say | CSO | 17 May 2023 | 33
Don't panic. Google offering scary .zip and .mov domains is not the end of the world | Comment Did we forget about .pl, .sh and oh yeah, .com? | CSO | 17 May 2023 | 80
No more macros? No problem, say miscreants, we'll adapt | Microsoft blocking 'net scripts sparked 'monumental shift' in attacks | CSO | 15 May 2023 | 10
Sonatype axes 14 percent of staff, reminds them not to talk to the press | Exclusive Workers slam 'horrendous' handling of layoffs that left even 'engineering managers in the dark' | CSO | 10 May 2023 | 41
Modern Auth comes to on-prem Exchange Server gear | Guess this'll have to do while we wait for *checks notes* ES 2025 | CSO | 08 May 2023 | 2
Dump these insecure phone adapters because we're not fixing them, says Cisco | Security hole ranks 9.8 out of 10 in severity, 0 out of 10 in patch availability | CSO | 05 May 2023 | 90
Insurers can't use 'act of war' excuse to avoid Merck's $1.4B NotPetya payout | 'The get-out-of-jail-free card option has been removed' as one expert put it | CSO | 03 May 2023 | 37
Microsoft is busy rewriting core Windows code in memory-safe Rust | Now that's a C change we can back | CSO | 27 Apr 2023 | 115
That 3CX supply chain attack keeps getting worse: Other vendors hit | In Brief Also, Finland sentences CEO of breach company to prison (kind of), and this week's laundry list of critical vulns | CSO | 24 Apr 2023 | 9
Microsoft pushes for more women in cybersecurity | Redmond tops industry average, still got a way to go | CSO | 21 Apr 2023 | 14
Russian snoops just love invading unpatched Cisco gear, America and UK warn | Spying on foreign targets? That's our job! | CSO | 18 Apr 2023 | 7
Compatibility mess breaks not one but two Windows password tools | Windows LAPS and legacy LAPS don't play nicely under certain conditions, Microsoft says | CSO | 14 Apr 2023 | 6
While Twitter wants to sell its verification, Microsoft will do it for free on LinkedIn | Redmond expands a digital ID process for its platform as Musk seeks cash for blue check marks | CSO | 14 Apr 2023 | 23
US cyber chiefs warn AI will help crooks, China develop nastier cyberattacks faster | It's not all doom and gloom because ML also amplifies defensive efforts, probably | CSO | 12 Apr 2023 | 15
Azure admins warned to disable shared key access as backdoor attack detailed | The default is that sharing is caring as Redmond admits: 'These permissions could be abused' | CSO | 11 Apr 2023 | 10
CISA unleashes Untitled Goose Tool to honk at danger in Microsoft's cloud | Not a headline we expected to write today | CSO | 24 Mar 2023 | 11
Critical infrastructure gear is full of flaws, but hey, at least it's certified | Security researchers find bugs, big and small, in every industrial box probed | CSO | 23 Mar 2023 | 20
You just gonna take that AWS? Let Microsoft school your users on cloud security? | And Google Cloud is next | CSO | 21 Mar 2023 | 3
UK refreshes national security plan to stop more of China's secret-stealing cyber-tricks | A threat that needs two orgs to tackle it: the 'Integrated Security Fund' and the 'National Protective Security Authority' | CSO | 14 Mar 2023 | 42
What happens if you 'cover up' a ransomware infection? For Blackbaud, a $3m charge | File under cost of doing business | CSO | 10 Mar 2023 | 9
CI/CD: Necessary for modern software development, yet it carries a lot of risk | SCSW With great speed comes great insecurity | CSO | 02 Mar 2023 | 10
Feeling VEXed by software supply chain security? You’re not alone | SCSW Chainguard CEO explains how to secure code given crims know to poison it at the source | CSO | 28 Feb 2023 |
Google destroyed evidence for antitrust battle, Feds complain | rm -rf'ing staff chat logs can't go unpunished, says Uncle Sam | CSO | 24 Feb 2023 | 33
European Commission bans TikTok from staff gadgets | Cyber Europe cyber worried about cyber threats, doesn't cyber use the other C word (China) | CSO | 24 Feb 2023 | 23
Trust, not tech, is holding back a safer internet | Opinion Excuse me, citizen, did you packet this data yourself? | CSO | 06 Feb 2023 | 60
Months after NSA disclosed Microsoft cert bug, datacenters remain unpatched | You know when we all said quit using MD5? We really meant it | CSO | 26 Jan 2023 | 3
Miscreants sure do love ransacking cloud networks, more so than before | Thanks for putting all your data in one basket | CSO | 20 Jan 2023 | 9
Microsoft locks door to default guest authentication in Windows Pro | Bringing OS version into sync with Enterprise and Education editions | CSO | 17 Jan 2023 | 24
NASA infosec again falls short of required US government standard | Good thing space agency doesn’t have any state secrets … oh, hang on | CSO | 21 Dec 2022 | 13
On the 12th day of the Rackspace email disaster, it did not give to me … | Updated … a working Exchange inbox tree | CSO | 14 Dec 2022 | 66
Malicious Microsoft-signed Windows drivers wielded in cyberattacks | Handy tools to kill off security protections get Redmond's stamp of approval | CSO | 14 Dec 2022 | 14
This ransomware gang is a right Royal pain in the AES for healthcare orgs | Nothing like your medical files being taken hostage for millions of dollars | CSO | 09 Dec 2022 | 8
REvil-hit Medibank to pull plug on IT, shore up defenses | If safety regulations are written in blood, what are security policies written in? Sweat and cursing? | CSO | 08 Dec 2022 | 1
Guess the most common password. Hint: We just told you | In brief Also, Another red team tool at risk of turning to the darkside, and Meta catches the US military behaving badly | CSO | 25 Nov 2022 | 108
Europe calls for joint cyber defense to ward off Russia | EC veep: 'Cyber is the new domain in warfare' | CSO | 11 Nov 2022 | 9
Ritz cracker giant settles bust-up with insurer over $100m+ NotPetya cleanup | Deal could 'upend the entire cyber-insurance ecosystem and make it almost impossible to get meaningful cyber coverage' | CSO | 02 Nov 2022 | 55
Education tech giant gets an F for security after sensitive info on 40 million users stolen | Chegg it out: Four blunders in four years | CSO | 31 Oct 2022 | 6
Biden now wants to toughen up chemical sector's cybersecurity | Control panels facing the internet? Data stolen? You gotta keep an ion this stuff | CSO | 27 Oct 2022 | 6
If someone tries ransacking your Windows network, it's a bit easier now to grok in Microsoft 365 Defender | Blinking, beeping, and flashing lights, blinking and beeping and flashing... | CSO | 26 Oct 2022 | 6
FTC slaps down Drizly CEO after 2.4m user records stolen from 'careless' booze app biz | Analysis At least this'll give some ammo to CISOs dying for stronger IT defenses | CSO | 26 Oct 2022 | 10
Oops, web trackers may have leaked 3 million patients' info | Scream with us: Aaaaaa-AAH | CSO | 20 Oct 2022 | 35
Cost of a health insurance security breach? NY watchdogs say it's $4.5m | Hundreds of thousands of people's sensitive info poorly protected | CSO | 19 Oct 2022 | 1
Millennials, Gen Z actually suck at workplace security | OK, boomer – how do I turn off cookies? | CSO | 19 Oct 2022 | 76
So, the US, China, and Russia walk into an infosec conference | Suffice to say things got a little awkward | CSO | 19 Oct 2022 | 3
Microsoft: Watch out for password spray attacks – especially you, Basic Auth | Exchange Online users should have authentication policies in place | CSO | 04 Oct 2022 | 7
Moody's turns up the heat on 'riskiest' sectors for cyberattacks | $22 trillion of global rated debt has 'high' or 'very high' cyber-risk exposure | CSO | 03 Oct 2022 | 1
Covert malware targets VMware shops for hypervisor-level espionage | Mandiant tracks back operators, finds ties to China | CSO | 29 Sep 2022 | 3
Microsoft to kill off old access rules in Exchange Online | Awoooogah – this is your one-year warning to switch over, enterprises | CSO | 28 Sep 2022 | 13
Ukraine fears 'massive' Russian cyberattacks on power, infrastructure | Will those be before or after the nuke strikes Putin keeps banging on about? | CSO | 27 Sep 2022 | 13