Clop ransomware crew sets June extortion deadline for MOVEit victims
Plus: The Feds weigh in with advice, details
CSO07 Jun 2023 | 2
CSO
US govt now bans TikTok from contractors' work gear
BYODALAINGTI (as long as it's not got TikTok installed)
CSO06 Jun 2023 | 11
SEC drops 42 cases after staff bungle data protection
Corporate watchdog fouled its info-separation regime, let the wrong people read sensitive docs
CSO06 Jun 2023 | 3
Microsoft stashes nearly half a billion in case LinkedIn data drama hits
Irish regulators sniffing around Facebook-for-suits subsidiary have threatened fine
CSO02 Jun 2023 | 12
90+ orgs tell Slack to stop slacking when it comes to full encryption
Protests planned for Wednesday in San Francisco and Denver
CSO30 May 2023 | 8
Microsoft decides it will be the one to choose which secure login method you use
Certificate-based authentication comes first and phones last
CSO18 May 2023 | 55
'Strictly limit' remote desktop – unless you like catching BianLian ransomware
Do it or don't. We're not cops. But the FBI are, and they have this to say
CSO17 May 2023 | 32
Don't panic. Google offering scary .zip and .mov domains is not the end of the world
Comment Did we forget about .pl, .sh and oh yeah, .com ?
CSO17 May 2023 | 80
No more macros? No problem, say miscreants, we'll adapt
Microsoft blocking 'net scripts sparked 'monumental shift' in attacks
CSO15 May 2023 | 10
Sonatype axes 14 percent of staff, reminds them not to talk to the press
Exclusive Workers slam 'horrendous' handling of layoffs that left even 'engineering managers in the dark'
CSO10 May 2023 | 41
Modern Auth comes to on-prem Exchange Server gear
Guess this'll have to do while we wait for *checks notes* ES 2025
CSO08 May 2023 | 2
Dump these insecure phone adapters because we're not fixing them, says Cisco
Security hole ranks 9.8 out of 10 in severity, 0 out of 10 in patch availability
CSO05 May 2023 | 90
Insurers can't use 'act of war' excuse to avoid Merck's $1.4B NotPetya payout
'The get-out-of-jail-free card option has been removed' as one expert put it
CSO03 May 2023 | 37
Microsoft is busy rewriting core Windows code in memory-safe Rust
Now that's a C change we can back
CSO27 Apr 2023 | 110
That 3CX supply chain attack keeps getting worse: Other vendors hit
In Brief Also, Finland sentences CEO of breach company to prison (kind of), and this week's laundry list of critical vulns
CSO24 Apr 2023 | 9
Microsoft pushes for more women in cybersecurity
Redmond tops industry average, still got a way to go
CSO21 Apr 2023 | 14
Russian snoops just love invading unpatched Cisco gear, America and UK warn
Spying on foreign targets? That's our job!
CSO18 Apr 2023 | 7
Compatibility mess breaks not one but two Windows password tools
Windows LAPS and legacy LAPS don't play nicely under certain conditions, Microsoft says
CSO14 Apr 2023 | 6
While Twitter wants to sell its verification, Microsoft will do it for free on LinkedIn
Redmond expands a digital ID process for its platform as Musk seeks cash for blue check marks
CSO14 Apr 2023 | 23
US cyber chiefs warn AI will help crooks, China develop nastier cyberattacks faster
It's not all doom and gloom because ML also amplifies defensive efforts, probably
CSO12 Apr 2023 | 13
Popular
10 years after Snowden's first leak, what have we learned?
Feature Spies gonna spy
Scientists think they may have cracked life support for Martian occupation
Outdated ISS system will need an upgrade if we're to go further into space
Healthcare org with over 100 clinics uses OpenAI's GPT-4 to write medical records
The doctor, and their steno-bot, will see you now. Then see another patient quickly because they don't have to stop and scrawl notes
Malwarebytes may not be allowed to label rival's app as 'potentially unwanted'
Legal prof warns: 'This case is like a wrecking ball for internet law'
Florida man (not that one) sold $100M-plus in counterfeit network gear
Military, schools, and hospitals burned by off-brand Cisco inferno
Starlink's rocket speeds hit a 50 megabit wall for large downloads
Disgruntled customers claim throttling happens any time of the day or night
James Webb smells someone having barbecue in galaxy 12 billion light years away
Most distant smoke and smog discovery could help explain star formation in the early universe
Google snubbed JPEG XL so of course Apple now supports it in Safari
Chocolate Factory under pressure to reverse decision to abandon image format
Red Hat to stop packaging LibreOffice for RHEL
The sky isn't falling… but it's sign of bigger changes to come
Scientists claim >99 percent identification rate of ChatGPT content
Boffins and machines write very differently – and it's easy to tell
STORIES
Azure admins warned to disable shared key access as backdoor attack detailed
The default is that sharing is caring as Redmond admits: 'These permissions could be abused'
CSO11 Apr 2023 | 10
CISA unleashes Untitled Goose Tool to honk at danger in Microsoft's cloud
Not a headline we expected to write today
CSO24 Mar 2023 | 11
Critical infrastructure gear is full of flaws, but hey, at least it's certified
Security researchers find bugs, big and small, in every industrial box probed
CSO23 Mar 2023 | 20
You just gonna take that AWS? Let Microsoft school your users on cloud security?
And Google Cloud is next
CSO21 Mar 2023 | 3
UK refreshes national security plan to stop more of China's secret-stealing cyber-tricks
A threat that needs two orgs to tackle it: the 'Integrated Security Fund' and the 'National Protective Security Authority'
CSO14 Mar 2023 | 43
What happens if you 'cover up' a ransomware infection? For Blackbaud, a $3m charge
File under cost of doing business
CSO10 Mar 2023 | 9
CI/CD: Necessary for modern software development, yet it carries a lot of risk
SCSW With great speed comes great insecurity
CSO02 Mar 2023 | 10
Feeling VEXed by software supply chain security? You’re not alone
SCSW Chainguard CEO explains how to secure code given crims know to poison it at the source
CSO28 Feb 2023 |
Google destroyed evidence for antitrust battle, Feds complain
rm -rf'ing staff chat logs can't go unpunished, says Uncle Sam
CSO24 Feb 2023 | 33
European Commission bans TikTok from staff gadgets
Cyber Europe cyber worried about cyber threats, doesn't cyber use the other C word (China)
CSO24 Feb 2023 | 23
Trust, not tech, is holding back a safer internet
Opinion Excuse me, citizen, did you packet this data yourself?
CSO06 Feb 2023 | 60
Months after NSA disclosed Microsoft cert bug, datacenters remain unpatched
You know when we all said quit using MD5? We really meant it
CSO26 Jan 2023 | 3
Miscreants sure do love ransacking cloud networks, more so than before
Thanks for putting all your data in one basket
CSO20 Jan 2023 | 9
Microsoft locks door to default guest authentication in Windows Pro
Bringing OS version into sync with Enterprise and Education editions
CSO17 Jan 2023 | 24
NASA infosec again falls short of required US government standard
Good thing space agency doesn’t have any state secrets … oh, hang on
CSO21 Dec 2022 | 13
On the 12th day of the Rackspace email disaster, it did not give to me …
Updated … a working Exchange inbox tree
CSO14 Dec 2022 | 66
Malicious Microsoft-signed Windows drivers wielded in cyberattacks
Handy tools to kill off security protections get Redmond's stamp of approval
CSO14 Dec 2022 | 14
This ransomware gang is a right Royal pain in the AES for healthcare orgs
Nothing like your medical files being taken hostage for millions of dollars
CSO09 Dec 2022 | 8
REvil-hit Medibank to pull plug on IT, shore up defenses
If safety regulations are written in blood, what are security policies written in? Sweat and cursing?
CSO08 Dec 2022 | 1
Guess the most common password. Hint: We just told you
In brief Also, Another red team tool at risk of turning to the darkside, and Meta catches the US military behaving badly
CSO25 Nov 2022 | 108
Europe calls for joint cyber defense to ward off Russia
EC veep: 'Cyber is the new domain in warfare'
CSO11 Nov 2022 | 9
Ritz cracker giant settles bust-up with insurer over $100m+ NotPetya cleanup
Deal could 'upend the entire cyber-insurance ecosystem and make it almost impossible to get meaningful cyber coverage'
CSO02 Nov 2022 | 55
Education tech giant gets an F for security after sensitive info on 40 million users stolen
Chegg it out: Four blunders in four years
CSO31 Oct 2022 | 6
Biden now wants to toughen up chemical sector's cybersecurity
Control panels facing the internet? Data stolen? You gotta keep an ion this stuff
CSO27 Oct 2022 | 6
If someone tries ransacking your Windows network, it's a bit easier now to grok in Microsoft 365 Defender
Blinking, beeping, and flashing lights, blinking and beeping and flashing...
CSO26 Oct 2022 | 6
FTC slaps down Drizly CEO after 2.4m user records stolen from 'careless' booze app biz
Analysis At least this'll give some ammo to CISOs dying for stronger IT defenses
CSO26 Oct 2022 | 10
Oops, web trackers may have leaked 3 million patients' info
Scream with us: Aaaaaa-AAH
CSO20 Oct 2022 | 35
Cost of a health insurance security breach? NY watchdogs say it's $4.5m
Hundreds of thousands of people's sensitive info poorly protected
CSO19 Oct 2022 | 1
Millennials, Gen Z actually suck at workplace security
OK, boomer – how do I turn off cookies?
CSO19 Oct 2022 | 76
So, the US, China, and Russia walk into an infosec conference
Suffice to say things got a little awkward
CSO19 Oct 2022 | 3
Microsoft: Watch out for password spray attacks – especially you, Basic Auth
Exchange Online users should have authentication policies in place
CSO04 Oct 2022 | 7
Moody's turns up the heat on 'riskiest' sectors for cyberattacks
$22 trillion of global rated debt has 'high' or 'very high' cyber-risk exposure
CSO03 Oct 2022 | 1
Covert malware targets VMware shops for hypervisor-level espionage
Mandiant tracks back operators, finds ties to China
CSO29 Sep 2022 | 3
Microsoft to kill off old access rules in Exchange Online
Awoooogah – this is your one-year warning to switch over, enterprises
CSO28 Sep 2022 | 13
Ukraine fears 'massive' Russian cyberattacks on power, infrastructure
Will those be before or after the nuke strikes Putin keeps banging on about?
CSO27 Sep 2022 | 13
Uber explains how it was pwned this month, points finger at Lapsus$ gang
From annoying MFA alerts to 'several internal systems' infiltrated
CSO19 Sep 2022 | 26
Indonesia accuses Google of abusing monopoly
Asia In Brief PLUS: Qualys CEO says APAC has infosec advantages; Singapore's Sea ebbs in Americas; Toshiba's tepid takeover update; and more
CSO19 Sep 2022 | 4
Nearly one in two industry pros scaled back open source use over security fears
Log4j being the main driver, this data science poll claims
Security14 Sep 2022 | 17
Twitter whistleblower Zatko disses bird site as dysfunctional data dump
Mudge tells senators his former bosses are 'terrified' of the French, US regulators are toothless
CSO14 Sep 2022 | 38
Musk seeks yet another excuse to get out of Twitter buyout: This time it's Mudge's severance check
If at first you don't succeed...
CSO13 Sep 2022 | 54
Dump these small-biz routers, says Cisco, because we won't patch their flawed VPN
Nothing like an authentication bypass for your private IPSec network
CSO08 Sep 2022 | 56
Nadine Dorries promotes 'Brexit rewards' of proposed UK data protection law
Culture secretary talks up pre-Commons reading as UK waits to hear who new leader will be
CSO05 Sep 2022 | 163
77% of security leaders fear we’re in perpetual cyberwar from now on
In brief Also, Charming Kittens from Iran scrape email inboxes, France could fine Google again, and more
CSO27 Aug 2022 | 32
Twilio, Cloudflare just two of 135 orgs targeted by Oktapus phishing campaign
Updated This, this is more like what we mean by a sophisticated cyberattack
CSO25 Aug 2022 | 6
Shout-out to whoever went to Black Hat and had North Korean malware on their PC
I am the one who NOCs
CSO25 Aug 2022 | 25
Block sued after ex-staffer siphons customer data
'Don't be such a Square' hits different these days
CSO24 Aug 2022 | 8
VMware confirms Carbon Black causes BSODs, boot loops on Windows
Well, you can't be attacked if your PC won't start
CSO24 Aug 2022 | 11
Lloyd's to exclude certain nation-state attacks from cyber insurance policies
Updated Kim Jong-un has entered the chat
CSO24 Aug 2022 | 55
Twitter savaged by former security boss Mudge in whistleblower complaint
Loose access to production systems, out of date software, and more claimed
CSO23 Aug 2022 | 36
Smartphone gyroscopes threaten air-gapped systems, researcher finds
Network interface card LEDs are a risk too by blinking in Morse code
CSO23 Aug 2022 | 54
The truth about that draft law banning Uncle Sam buying insecure software
There's always a get-out clause
CSO19 Aug 2022 | 43
Google blocks third record-breaking DDoS attack in as many months
46 million requests per second network flood comes as attacks increase by more than 200% compared to last year
CSO18 Aug 2022 | 11
After 7 years, long-term threat DarkTortilla crypter is still evolving
.NET-based malware can push wide range of malicious payloads, and evades detection, Secureworks says
CSO17 Aug 2022 | 2
TikTok wants your trust around US midterm elections data
Misinformation's a concern, but Chinese media giant's own data privacy practices also have people worried
CSO17 Aug 2022 | 4
PC store told it can't claim full cyber-crime insurance after social-engineering attack
Two different kinds of fraud, says judge while throwing out lawsuit against insurer
CSO16 Aug 2022 | 4
Microsoft's macOS Tamper Protection hits general availability
A boon for administrators having to deal with Apple hardware while also keeping everything secure
CSO16 Aug 2022 | 5
Reckon Russian spies are lurking in your inbox? Check for these IOCs, Microsoft says
Seaborgium targeted dozens of orgs this year alone
CSO16 Aug 2022 | 7
It's 2022 and there are still thousands of public systems using password-less VNC
Let alone the ones with 123456 to login. How sophisticated do attackers really need to be?
CSO16 Aug 2022 | 8
Hi, I'll be your ransomware negotiator today – but don't tell the crooks that
Interview What it's like bargaining with criminals ... and advising clients suffering their worst day yet
CSO06 Aug 2022 | 41
Robinhood's crypto unit hit with $30m fine over security, anti-crime misses
Updated And just lays off about a quarter of staff
CSO02 Aug 2022 | 4
T-Mobile US to cough up $550m after info stolen on 77m customers
Oops, did the Un-carrier under-count by 29m punters?
CSO25 Jul 2022 | 8
Microsoft closes off two avenues of attack: Office macros, RDP brute-forcing
Blockade against VBA scripts in downloaded files is back on by default
CSO22 Jul 2022 | 15
TikTok's chief security officer steps aside, thanks to Oracle move
Takes up advisory role that might leave time to play with parent company's homebrew cloudy SmartNICs
CSO18 Jul 2022 |
This big phish can swim around MFA, says Microsoft Security
Slippery AiTM attacks targeted more than 10,000 orgs over the past nine months
CSO13 Jul 2022 | 2
Mergers and acquisitions put zero trust to the ultimate test
Bypasses an arduous integration process with right security footing from the start
CSO13 Jul 2022 | 1
Defense contractor pays $9m to settle whistleblower's cybersecurity allegations
Former Aerojet Rocketdyne employee cites failure to meet minimums for NASA, Pentagon
CSO11 Jul 2022 | 10
Jenkins warns of security holes in these 25 plugins
Relax, most of the vulnerabilities so far have, er, no fix
CSO30 Jun 2022 | 4
Start using Modern Auth now for Exchange Online
Before Microsoft shutters basic logins in a few months
CSO29 Jun 2022 | 28
India extends deadline for compliance with infosec logging rules by 90 days
Updated Helpfully announced extension on deadline day
CSO28 Jun 2022 | 9
Contractor loses entire Japanese city's personal data in USB fail
In brief Also, Chrome add-ons are great for fingerprinting, and hacked hot tubs splurge details
CSO27 Jun 2022 | 14
$6b mega contract electronics vendor Sanmina jumps into zero trust
Company was an early adopter of Google Cloud, which led to a search for a new security architecture
CSO23 Jun 2022 | 1
Voicemail phishing emails steal Microsoft credentials
As always, check that O365 login page is actually O365
CSO21 Jun 2022 | 20
RSAC branded a 'super spreader event' as attendees share COVID-19 test results
RSA Conference That, and Black Hat, are about to reveal risk assessment skills of our cyber-risk experts
CSO16 Jun 2022 | 26
Former US state agency CIO, IT exec plead guilty to bribery and extortion scheme
Pair's multimillion-dollar contract caper unraveled
CSO15 Jun 2022 | 5
Cloudflare says it thwarted record-breaking HTTPS DDoS flood
26m requests a second? Not legit traffic, not even Bill Gates doing $1m giveaways could manage that
CSO14 Jun 2022 | 2
Inside the RSAC expo: Buzzword bingo and the bear in the room
RSA Conference We mingle with the vendors so you don't have to
CSO14 Jun 2022 | 2
US cyber chiefs: Moving to Shields Down isn't gonna happen
RSA Conference Promises new alert notices but warn 'we can sometimes predict thunderstorms but not lightning strikes'
CSO08 Jun 2022 | 6
Cisco EVP: We need to lift everyone above the cybersecurity poverty line
RSA Conference Exclusive It's going to become a human-rights issue, Jeetu Patel tells The Register
CSO06 Jun 2022 | 9
Feeling highly stressed about your job? You must be a CISO
'The attack surface has expanded exponentially' during the work-from-home pandemic, says one
CSO04 Jun 2022 | 23
FBI, CISA: Don't get caught in Karakurt's extortion web
Is this gang some sort of Conti side hustle? The answer may be yes
CSO03 Jun 2022 | 7
Biting the hand that feeds IT
