Latest articles for CSO magazine

According to a  ransomware survey report  released in June by Keeper Security, 49% of companies hit by ransomware paid the ransom–and another 22% declined to…

As companies move applications to the cloud and expose functionality via application programming interfaces (APIs), criminals have been moving quickly to take advantage of this…

In early May, fitness company Peloton announced that it had exposed customer account data on the internet. Anyone could access users’ account data from Peloton’s…

Threat hunting isn’t just for the biggest organizations anymore. As the SolarWinds attack demonstrated, any size company can be vulnerable to stealthy attackers who worm…

Last month, the UK’s  National Cyber Security Centre reported  that one organization paid nearly $9 million to attackers for a decryption key after falling victim…

Privacy and security regulations are evolving quickly. The European Union’s  GDPR  and California’s new  CPRA  law are only the most high-profile examples.  According to Privacy…

What is a supply chain attack? A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an…

In November, Californians approved a ballot measure, Proposition 24, a.k.a. the California Privacy Rights Act (CPRA), to create a new consumer data privacy agency. It…

When enterprises adopt new technology, security is often on the back burner. It can seem more important to get new products or services to customers…

Despite a recent decline in attacks,  ransomware  still poses significant threats to enterprises, as the  attacks against several major newspapers  demonstrated this month. It is…

A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access…

We have encryption for data in motion. We have encryption for data at rest. But one type of data is difficult to keep encrypted –…

Network engineer Jose Arellano concedes that “the hardest part of my day” is keeping the network safe for 12,700 students, 1,900 staff and more than…

In late June, 2018, California passed a consumer privacy act, AB 375, that could have more repercussions on U.S. companies than the European Union’s General…

As the COVID-19 pandemic drags global economies to a halt, enterprises are having to tighten their belts across the board, including in IT. In May…

Over the past few weeks, the cybersecurity landscape has changed dramatically. Employees working at home mean more exposed attack surface and plenty of unusual user…

At the end of this year, the Payment Card Industry Data Security Standard (PCI DSS) is expected to get an upgrade to version 4.0. It…

The California Consumer Privacy Act (CCPA) went into effect on January 1 and it is affecting companies not just in California but across the United…

OWASP, the Open Web Application Security Project known for its top 10 list of web application vulnerabilities, published the release candidate version of its  API…

Directory traversal examples In September,  researchers discovered  a “critical severity” directory traversal vulnerability in  Atlassian’s Jira Service Desk Server and Jira Service Desk Data Center…

Super-fast  5G  mobile networks promise to link not only people more efficiently, but also allow for greater interconnectivity and control of machines, objects and devices.…

In August 2019, someone at Japan’s Toyota Boshoku Corp. received fraudulent payment instructions by email to send 4 billion yen (about $37 million) to a…

As companies ramp up protections against account takeovers,  spearphishing  and other impersonation attacks, attackers are upping their game by collecting more and richer personally identifiable…

When enterprises adopt new technology, security is often on the back burner. It can seem more important to get new products or services to customers…

When it comes to cybercriminal infrastructure, the  dark web  gets the glory with its secret criminal marketplaces, illegal money laundering services and  botnets  as a…

Earlier this summer, a computer science student was able to access information on seven million Venmo transactions, including the full names of people sending money…

As companies get better at analyzing log data to spot potential security threats, legacy applications create blindspots that can be hard to tackle. “Modern SIEMs…

Low-code and no-code development promises to speed up the deployment of new applications and to allow non-technical users to create apps. The idea has been…

Sixty-three percent of IT security professionals say the frequency of attacks has gone up over the past 12 months, according to  Ponemon’s  2018 State of…

Security experts have been bemoaning the endless array of problems associated with using passwords — they’re either too easy for criminals to guess or too…