NASA infosec again falls short of required US government standard Good thing space agency doesn’t have any state secrets … oh, hang on CSO21 Dec 2022 | 13
On the 12th day of the Rackspace email disaster, it did not give to me … Updated … a working Exchange inbox tree CSO14 Dec 2022 | 66
Malicious Microsoft-signed Windows drivers wielded in cyberattacks Handy tools to kill off security protections get Redmond's stamp of approval CSO14 Dec 2022 | 14
This ransomware gang is a right Royal pain in the AES for healthcare orgs Nothing like your medical files being taken hostage for millions of dollars CSO09 Dec 2022 | 8
REvil-hit Medibank to pull plug on IT, shore up defenses If safety regulations are written in blood, what are security policies written in? Sweat and cursing? CSO08 Dec 2022 | 1
Guess the most common password. Hint: We just told you In brief Also, Another red team tool at risk of turning to the darkside, and Meta catches the US military behaving badly CSO25 Nov 2022 | 108
Europe calls for joint cyber defense to ward off Russia EC veep: 'Cyber is the new domain in warfare' CSO11 Nov 2022 | 9
Ritz cracker giant settles bust-up with insurer over $100m+ NotPetya cleanup Deal could 'upend the entire cyber-insurance ecosystem and make it almost impossible to get meaningful cyber coverage' CSO02 Nov 2022 | 55
Education tech giant gets an F for security after sensitive info on 40 million users stolen Chegg it out: Four blunders in four years CSO31 Oct 2022 | 6
Biden now wants to toughen up chemical sector's cybersecurity Control panels facing the internet? Data stolen? You gotta keep an ion this stuff CSO27 Oct 2022 | 6
If someone tries ransacking your Windows network, it's a bit easier now to grok in Microsoft 365 Defender Blinking, beeping, and flashing lights, blinking and beeping and flashing... CSO26 Oct 2022 | 6
FTC slaps down Drizly CEO after 2.4m user records stolen from 'careless' booze app biz Analysis At least this'll give some ammo to CISOs dying for stronger IT defenses CSO26 Oct 2022 | 10
Oops, web trackers may have leaked 3 million patients' info Scream with us: Aaaaaa-AAH CSO20 Oct 2022 | 35
Cost of a health insurance security breach? NY watchdogs say it's $4.5m Hundreds of thousands of people's sensitive info poorly protected CSO19 Oct 2022 | 1
Millennials, Gen Z actually suck at workplace security OK, boomer – how do I turn off cookies? CSO19 Oct 2022 | 76
So, the US, China, and Russia walk into an infosec conference Suffice to say things got a little awkward CSO19 Oct 2022 | 3
Microsoft: Watch out for password spray attacks – especially you, Basic Auth Exchange Online users should have authentication policies in place CSO04 Oct 2022 | 7
Moody's turns up the heat on 'riskiest' sectors for cyberattacks $22 trillion of global rated debt has 'high' or 'very high' cyber-risk exposure CSO03 Oct 2022 | 1
Covert malware targets VMware shops for hypervisor-level espionage Mandiant tracks back operators, finds ties to China CSO29 Sep 2022 | 3
Microsoft to kill off old access rules in Exchange Online Awoooogah – this is your one-year warning to switch over, enterprises CSO28 Sep 2022 | 13
Ukraine fears 'massive' Russian cyberattacks on power, infrastructure Will those be before or after the nuke strikes Putin keeps banging on about? CSO27 Sep 2022 | 13
Uber explains how it was pwned this month, points finger at Lapsus$ gang From annoying MFA alerts to 'several internal systems' infiltrated CSO19 Sep 2022 | 26
Indonesia accuses Google of abusing monopoly Asia In Brief PLUS: Qualys CEO says APAC has infosec advantages; Singapore's Sea ebbs in Americas; Toshiba's tepid takeover update; and more CSO19 Sep 2022 | 4
Nearly one in two industry pros scaled back open source use over security fears Log4j being the main driver, this data science poll claims Security14 Sep 2022 | 17
Twitter whistleblower Zatko disses bird site as dysfunctional data dump Mudge tells senators his former bosses are 'terrified' of the French, US regulators are toothless CSO14 Sep 2022 | 38
Musk seeks yet another excuse to get out of Twitter buyout: This time it's Mudge's severance check If at first you don't succeed... CSO13 Sep 2022 | 54
Dump these small-biz routers, says Cisco, because we won't patch their flawed VPN Nothing like an authentication bypass for your private IPSec network CSO08 Sep 2022 | 56
Nadine Dorries promotes 'Brexit rewards' of proposed UK data protection law Culture secretary talks up pre-Commons reading as UK waits to hear who new leader will be CSO05 Sep 2022 | 163
77% of security leaders fear we’re in perpetual cyberwar from now on In brief Also, Charming Kittens from Iran scrape email inboxes, France could fine Google again, and more CSO27 Aug 2022 | 32
Twilio, Cloudflare just two of 135 orgs targeted by Oktapus phishing campaign Updated This, this is more like what we mean by a sophisticated cyberattack CSO25 Aug 2022 | 6
Shout-out to whoever went to Black Hat and had North Korean malware on their PC I am the one who NOCs CSO25 Aug 2022 | 25
Block sued after ex-staffer siphons customer data 'Don't be such a Square' hits different these days CSO24 Aug 2022 | 8
VMware confirms Carbon Black causes BSODs, boot loops on Windows Well, you can't be attacked if your PC won't start CSO24 Aug 2022 | 11
Lloyd's to exclude certain nation-state attacks from cyber insurance policies Updated Kim Jong-un has entered the chat CSO24 Aug 2022 | 55
Twitter savaged by former security boss Mudge in whistleblower complaint Loose access to production systems, out of date software, and more claimed CSO23 Aug 2022 | 36
Smartphone gyroscopes threaten air-gapped systems, researcher finds Network interface card LEDs are a risk too by blinking in Morse code CSO23 Aug 2022 | 54
The truth about that draft law banning Uncle Sam buying insecure software There's always a get-out clause CSO19 Aug 2022 | 43
Google blocks third record-breaking DDoS attack in as many months 46 million requests per second network flood comes as attacks increase by more than 200% compared to last year CSO18 Aug 2022 | 11
After 7 years, long-term threat DarkTortilla crypter is still evolving .NET-based malware can push wide range of malicious payloads, and evades detection, Secureworks says CSO17 Aug 2022 | 2
TikTok wants your trust around US midterm elections data Misinformation's a concern, but Chinese media giant's own data privacy practices also have people worried CSO17 Aug 2022 | 4
PC store told it can't claim full cyber-crime insurance after social-engineering attack Two different kinds of fraud, says judge while throwing out lawsuit against insurer CSO16 Aug 2022 | 4
Microsoft's macOS Tamper Protection hits general availability A boon for administrators having to deal with Apple hardware while also keeping everything secure CSO16 Aug 2022 | 5
Reckon Russian spies are lurking in your inbox? Check for these IOCs, Microsoft says Seaborgium targeted dozens of orgs this year alone CSO16 Aug 2022 | 7
It's 2022 and there are still thousands of public systems using password-less VNC Let alone the ones with 123456 to login. How sophisticated do attackers really need to be? CSO16 Aug 2022 | 8
Hi, I'll be your ransomware negotiator today – but don't tell the crooks that Interview What it's like bargaining with criminals ... and advising clients suffering their worst day yet CSO06 Aug 2022 | 41
Robinhood's crypto unit hit with $30m fine over security, anti-crime misses Updated And just lays off about a quarter of staff CSO02 Aug 2022 | 4
T-Mobile US to cough up $550m after info stolen on 77m customers Oops, did the Un-carrier under-count by 29m punters? CSO25 Jul 2022 | 8
Microsoft closes off two avenues of attack: Office macros, RDP brute-forcing Blockade against VBA scripts in downloaded files is back on by default CSO22 Jul 2022 | 15
TikTok's chief security officer steps aside, thanks to Oracle move Takes up advisory role that might leave time to play with parent company's homebrew cloudy SmartNICs CSO18 Jul 2022 |
This big phish can swim around MFA, says Microsoft Security Slippery AiTM attacks targeted more than 10,000 orgs over the past nine months CSO13 Jul 2022 | 2
Mergers and acquisitions put zero trust to the ultimate test Bypasses an arduous integration process with right security footing from the start CSO13 Jul 2022 | 1
Defense contractor pays $9m to settle whistleblower's cybersecurity allegations Former Aerojet Rocketdyne employee cites failure to meet minimums for NASA, Pentagon CSO11 Jul 2022 | 10
Jenkins warns of security holes in these 25 plugins Relax, most of the vulnerabilities so far have, er, no fix CSO30 Jun 2022 | 4
Start using Modern Auth now for Exchange Online Before Microsoft shutters basic logins in a few months CSO29 Jun 2022 | 28
India extends deadline for compliance with infosec logging rules by 90 days Updated Helpfully announced extension on deadline day CSO28 Jun 2022 | 9
Contractor loses entire Japanese city's personal data in USB fail In brief Also, Chrome add-ons are great for fingerprinting, and hacked hot tubs splurge details CSO27 Jun 2022 | 14
$6b mega contract electronics vendor Sanmina jumps into zero trust Company was an early adopter of Google Cloud, which led to a search for a new security architecture CSO23 Jun 2022 | 1
Voicemail phishing emails steal Microsoft credentials As always, check that O365 login page is actually O365 CSO21 Jun 2022 | 20
RSAC branded a 'super spreader event' as attendees share COVID-19 test results RSA Conference That, and Black Hat, are about to reveal risk assessment skills of our cyber-risk experts CSO16 Jun 2022 | 26
Former US state agency CIO, IT exec plead guilty to bribery and extortion scheme Pair's multimillion-dollar contract caper unraveled CSO15 Jun 2022 | 5