7 open source security tools too good to ignore
It has been almost 40 years since Richard Stallman wrote his manifesto defining open-source software. Since then, the computer security world has embraced his vision — at least for some software — and...
View ArticleMicrosoft warns of ‘Skeleton Key’ jailbreak affecting many generative AI models
Microsoft is warning users of a newly discovered AI jailbreak attack that can cause a generative AI model to ignore its guardrails and return malicious or unsanctioned responses to user prompts. The...
View ArticleInfinidat Revolutionizes Enterprise Cyber Storage Protection to Reduce...
Infinidat, a leading provider of enterprise storage solutions, has introduced a new automated cyber resiliency and recovery solution that will revolutionize how enterprises can minimize the impact of...
View ArticleDownload our endpoint detection and response (EDR) buyer’s guide
From the editors of CSO, this enterprise buyer’s guide helps security IT staff understand what endpoint detection and response (EDR) tools can do for their organizations and how to choose the right...
View ArticleCyberattackers are using more new malware, attacking critical infrastructure
Security teams are in for an increasingly busy year as the number of attacks and the amount of new malware increase, according to BlackBerry’s latest Global Threat Intelligence Report, released...
View ArticleThe CSO guide to top security conferences
There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have...
View ArticleTop 12 cloud security certifications
Since publishing our list of top cloud security certifications in 2021, the sector has changed dramatically. Our new recommendations reflect these sweeping changes so that cloud security professionals...
View ArticleTeamViewer targeted by APT29 hackers, containment measures in place
Remote desktop software provider TeamViewer has disclosed a cyberattack on its corporate network, but maintains that no customer data or product functionality was compromised. The company said the...
View ArticleReduce security risk with 3 edge-securing steps
A cybersecurity leader’s role in reducing risk should always be clearly defined, but all too often in our business, it seems we’re not doing enough. Risk is everywhere these days, with attacks seemly...
View ArticleGoogle to allow trusted web apps to access USB devices
Google is working to allow trusted isolated web applications to have unfettered access through the WebUSB API, a JavaScript API that authenticates web applications to interact with local USB devices...
View ArticleOpenSSH vulnerability regreSSHion puts millions of servers at risk
Researchers have uncovered a serious remote code execution vulnerability in the Open Secure Shell (OpenSSH) server that could let unauthenticated attackers obtain a root shell on servers and take them...
View Article10 most powerful cybersecurity companies today
CISOs and other security execs often find themselves in a difficult position. Attackers are always getting better, and now they can use genAI to help craft ransomware emails or create deepfakes. At...
View ArticleNew campaign uses malware ‘cluster bomb’ to effect maximum impact
In a newly discovered campaign, an Eastern European threat actor is found using a novel “cluster bomb” approach to package a cascading malware deployment within a single infection. Dubbed “Unfirling...
View ArticleAI agents can find and exploit known vulnerabilities, study shows
Researchers at the University of Illinois gave a team of autonomous AI agents a CVE description of a vulnerability and the agents were able to autonomously find and exploit the vulnerability in a test...
View ArticleCocoaPods flaws left iOS, macOS apps open to supply-chain attack
Recently patched vulnerabilities in a software dependency management tool used by developers of applications for Apple’s iOS and MacOS platforms, could have opened the door for attackers to insert...
View ArticleUS Supreme Court ruling will likely cause cyber regulation chaos
The US Supreme Court has issued a decision that could upend all federal cybersecurity regulations, moving ultimate regulatory approval to the courts and away from regulatory agencies. A host of likely...
View ArticleCisco patches actively exploited zero-day flaw in Nexus switches
Cisco has released patches for several series of Nexus switches to fix a vulnerability that could allow attackers to hide the execution of bash commands on the underlying operating system. Although...
View ArticleClik here to view.
How CISOs can protect their personal liability
Court cases against CISOs that threaten jail time and expensive penalties such as those against former Uber CISO Joe Sullivan and SolarWinds’ Timothy G. Brown, have kept CISOs wake at night. The...
View ArticlePasskeys aren’t attack-proof, not until properly implemented
Passkey, a password-less technology for authenticating user access to cloud-hosted applications, may still be vulnerable to adversary-in-the-middle (AitM) attacks despite its massive popularity,...
View ArticleDownload the UEM vendor comparison chart, 2024 edition
From the editors of our sister publication Computerworld, this vendor comparison chart helps IT and security staff understand what the major unified endpoint management (UEM) platforms can do for...
View Article