Why honeypots deserve a spot in your cybersecurity arsenal
In cybersecurity, we spend a lot of time focusing on preventative controls — patching vulnerabilities, implementing secure configurations, and performing other “best practices” to mitigate risk to our...
View ArticleUse payment tech and still not ready for PCI DSS 4.0? You could face stiff...
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements introduced by the Payment Card Industry Security Standards Council (PCI SSC) to protect card information...
View ArticleMacOS Ferret operators add a deceptive bite to their malware family
The macOS Ferret family, variants of malware used by North Korean APTs for cyber espionage, has received a new member as samples of a detection-resistant variant, Flexible-Ferret, appear in the wild....
View ArticleDownload our extended detection and response (XDR) buyer’s guide
From the editors of CSO, this enterprise buyer’s guide helps IT security staff understand what XDR can do for their organizations and how to choose the right solution.
View ArticleCyberattacken – nicht alle Manager wissen von ihrer Verantwortung
width="6016" height="3384" sizes="(max-width: 6016px) 100vw, 6016px">Den Kopf in den Sand zu stecken, ist beim Thema Cybersecurity keine gute Idee. Das Management muss sich seiner Verantwortung...
View ArticleClik here to view.
The cloud is not your only option: on-prem security still alive and well in...
We’ve often heard that on-premises solutions are on their way out, but until it’s clear that being completely in the cloud makes sense, we will remain in a long transition period. Nowhere else is this...
View Article21% of CISOs pressured to not report compliance issues
CISOs are increasingly getting caught between business pressures and regulatory obligations, leaving them struggling to balance corporate loyalty and legal accountability. To wit: One in five (21%)...
View ArticleLazarus Group tricks job seekers on LinkedIn with crypto-stealer
North Korea-linked Lazarus Group is duping job seekers and professionals in an ongoing campaign that runs a LinkedIn recruiting scam to capture browser credentials, steal crypto wallet data, and...
View ArticleClik here to view.
Ransomware-Angriff auf Escada
Der Modehersteller Escada wird von einer Ransomware-Bande mit gestohlenen Daten erpresst.Indoor Vision – Shutterstock Die berüchtigte Ransomware-Bande Ransomhub hat kürzlich einen Hinweis auf einen...
View ArticleMalicious package found in the Go ecosystem
A malicious typosquat package has been found in the Go language ecosystem. The package, which contains a backdoor to enable remote code execution, was discovered by researchers at the application...
View ArticleSpy vs spy: Security agencies help secure the network edge
The national intelligence services of five countries have offered enterprises advice on beating spies at their own game in a series of documents intended to help them protect network edge devices and...
View ArticlePolice arrest teenager suspected of hacking NATO and numerous Spanish...
Spain‘s National Police, in a joint operation with the Civil Guard, has arrested an 18-year-old suspected of being the hacker going by aliases including “Natohub,” and known for hacking the computer...
View ArticleClik here to view.
Die besten Cyber-Recovery-Lösungen
Nicht greifende Recovery-Prozesse sind für Unternehmen ein Albtraumszenario, das dank ausgefeilter Angriffe immer öfter zur Realität wird.Arjuna Kodisinghe | shutterstock.com Im Rahmen traditioneller...
View ArticleCIOs and CISOs grapple with DORA: Key challenges, compliance complexities
In force since January, the Digital Operational Resilience Act (DORA) has required considerable effort from CIOs and CISOs at 20 types of financial entities to achieve compliance. For many, the...
View ArticleClik here to view.
Mehr Cyberangriffe bei weniger Beute
Strengere Kontrollen bei Kryptobörsen zwingen Kriminelle, neue Wege zur Verschleierung ihrer Einnahmen zu finden. shutterstock.com – thanun vongsuravanich Die Ransomware-Landschaft hat sich im Jahr...
View ArticleCisco’s ISE bugs could allow root-level command execution
Cisco is warning enterprise admins of two critical flaws within its identity and access management (IAM) solution, Identity Services Engine (ISE), that could allow attackers to obtain unauthorized...
View ArticleClik here to view.
Datenleck bei Vorwerk: Hacker stehlen Thermomix-Nutzerdaten
Hacker haben sich Zugriff auf Thermomix-Nutzerdaten verschafft.T. Schneider – Shutterstock.com Die Küchenmaschine Thermomix verfügt über einen Onlinezugang, über den Anwender Tausende Rezepte...
View ArticleAttackers hide malicious code in Hugging Face AI model Pickle files
Like all repositories of open-source software in recent years, AI model hosting platform Hugging Face has been abused by attackers to upload trojanized projects and assets with the goal of infecting...
View ArticleWorker distraction is on the rise. Digital employee experience (DEX)...
With the dramatic increase in remote work in the last few years, many of us are actually working longer hours, ricocheting between communication platforms, learning new systems on the fly, and...
View ArticleThe SolarWinds $4.4 billion acquisition gives CISOs what they least want:...
When SolarWinds on Friday announced a $4.4 billion cash deal for it to be acquired by private equity (PE) firm Turn/River Capital, it delivered the last thing that nervous enterprise CISOs want:...
View Article