Latest articles for CSO magazine

What you need to know about the new OWASP API Security Top 10 list

OWASP, the Open Web Application Security Project known for its top 10 list of web application vulnerabilities, published the release candidate version of its API…

Directory traversal explained: Definition, examples and prevention

Directory traversal examples: In September, researchers discovered a “critical severity” directory traversal vulnerability in Atlassian’s Jira Service Desk Server and Jira Service Desk Data Center…

7 ways 5G mobile networks will change IoT security, and how to prepare

Super-fast 5G mobile networks promise to link not only people more efficiently, but also allow for greater interconnectivity and control of machines, objects and devices.…

Business email compromise attacks cost millions, losses doubling each year

In August 2019, someone at Japan’s Toyota Boshoku Corp. received fraudulent payment instructions by email to send 4 billion yen (about $37 million) to a…

Rich PII enables sophisticated impersonation attacks

As companies ramp up protections against account takeovers, spearphishing and other impersonation attacks, attackers are upping their game by collecting more and richer personally identifiable…

How secure are your AI and machine learning projects?

When enterprises adopt new technology, security is often on the back burner. It can seem more important to get new products or services to customers…

6 ways cybercriminals use commercial infrastructure

When it comes to cybercriminal infrastructure, the dark web gets the glory with its secret criminal marketplaces, illegal money laundering services and botnets as a…

6 API security lessons from the Venmo breach

Earlier this summer, a computer science student was able to access information on seven million Venmo transactions, including the full names of people sending money…

How to close SIEM visibility gaps created by legacy apps

As companies get better at analyzing log data to spot potential security threats, legacy applications create blindspots that can be hard to tackle. “Modern SIEMs…

4 security concerns for low-code and no-code development

Low-code and no-code development promises to speed up the deployment of new applications and to allow non-technical users to create apps. The idea has been…

6 ways malware can bypass endpoint protection

Sixty-three percent of IT security professionals say the frequency of attacks has gone up over the past 12 months, according to Ponemon’s 2018 State of…

How First Citrus Bank got rid of employee passwords

Security experts have been bemoaning the endless array of problems associated with using passwords — they’re either too easy for criminals to guess or too…

What is GPS spoofing? And how you can defend against it

GPS spoofing definition: GPS spoofing is an attack in which a radio transmitter located near the target is used to interfere with a legitimate GPS…

Google expands cloud security capabilities, including simpler configuration

Google has announced 30 new features or enhancements of its Google Cloud platform that are designed to improve the ability of organizations to manage security…

What is AI fuzzing? And why it may be the next big cybersecurity threat

AI fuzzing definition: AI fuzzing uses machine learning and similar techniques to find vulnerabilities in an application or system. Fuzzing has been around for a…

What is quantum cryptography? It’s no silver bullet, but could improve security

Quantum cryptography definition: Quantum cryptography, also called quantum encryption, applies principles of quantum mechanics to encrypt messages in a way that it is never read…

What is biometrics? And why collecting biometric data is risky

Biometric authentication uses physical or behavioral human characteristics to digitally identify a person to grant access to systems, devices or data. Examples of these biometric…

How security operations centers are adapting to the cloud era

As more and more critical business functions depart the on-premises environment for the cloud, security operations centers (SOCs) face tough challenges in keeping up with…

8 old technologies that still play roles in security

It’s easy to assume newer is better, but technology that has been around for decades or longer still has a place in cybersecurity. In some…

Best antivirus software: 14 top tools

The AV-TEST Institute recently tested the most popular Windows 10 client antivirus products on three primary criteria: protection, performance, and usability. Only six of the…

DDoS protection, mitigation and defense: 8 essential tips

DDoS attacks are bigger and more ferocious than ever and can strike anyone at any time. According to Verizon’s latest DDoS trends report, the first…

What is the cyber kill chain? Why it's not always the right approach to cyber attacks

As an infosec professional, you’ve likely heard about using a cyber kill chain, also known as a cyber attack lifecycle, to help identify and prevent…

Why the best antivirus software isn’t enough (and why you still need it)

Traditional signature-based antivirus is notoriously bad at stopping newer threats such as zero-day exploits and ransomware, but it still has a place in the enterprise,…

Why even the best antivirus software isn't enough (and why you still need it)

Traditional signature-based antivirus is notoriously bad at stopping newer threats such as zero-day exploits and ransomware, but it still has a place in the enterprise,…

Best antivirus software: 13 top tools

The AV-TEST Institute recently tested the most popular Windows 10 client antivirus products on three primary criteria: protection, performance, and usability. Only five of the…

What is enterprise risk management? How to put cybersecurity threats into a business context

Enterprise risk management (ERM) is the process of assessing risks to identify both threats to a company’s financial well-being and opportunities in the market. The…

7 best practices for working with cybersecurity startups

Cybersecurity startups, not weighed down by legacy platforms, can be more nimble and innovative than their more established competitors, and can often offer more personalized…

4 top challenges to a secure digital transformation

Digital transformation is vital to many companies’ long-term survival, in that it can help them defend against agile startups, better meet customer expectations, find new…

What are next generation firewalls? How the cloud and complexity affect them

Traditional firewalls track the domains that traffic is coming from and the ports it’s going to. Nextgen firewalls go beyond that — they also monitor…

Corporate pre-crime: The ethics of using AI to identify future insider threats

To protect corporate networks against malware, data exfiltration and other threats, security departments have systems in place to monitor email traffic, URLs and employee behaviors.…