Goodbye phishing? Descope’s nOTP authentication offers WhatsApp alternative...
This week, US startup Descope is announcing what it claims is a new way to authenticate to websites via WhatsApp that doesn’t require the end user to do much at all. For the last decade, the online...
View ArticleDigital trust gap leaves organizations vulnerable
A significant digital trust “acknowledgment-action gap” exists in organizations and it’s holding back stronger protections for customers, stakeholders and partners, the latest ISACA State of Digital...
View ArticleHow to deploy WPA3 for enhanced wireless security
WPA3 is the latest iteration of the Wi-Fi Protected Access (WPA) standard, succeeding WPA2, which has been the de facto security protocol for wireless networks for nearly two decades. This new...
View ArticleInnovating safely: Navigating the intersection of AI, network, and security
The widespread adoption of artificial intelligence (AI) has thrust it in the limelight, accelerating change across enterprises and industries. Given its potential use as a tool both for and against...
View ArticleHuman vulnerability remains top threat: Report
Humans remains a key vulnerability point of enterprise security strategies, according to a report from IT security provider Arctic Wolf, which found that 48% of more than 1,000 senior IT and...
View ArticleCloud access security brokers (CASBs): What to know before you buy
Cloud access security brokers (CASBs) explained As the name suggests, a cloud access security broker (CASB) manages access between enterprise endpoints and cloud resources from a security perspective....
View ArticleWorld’s largest botnet seized in Federal bust, Chinese national arrested
An international law enforcement operation led by the US Department of Justice has taken down a multi-million botnet network linked to large-scale cyberattacks, including fraud, child exploitation,...
View ArticleOver half of government applications have unpatched flaws older than a year
The public sector is one of the top targets for sophisticated state sponsored threat actors as well as ransomware gangs, but it’s having a hard time keeping up with security patches in a timely...
View ArticleDownload our data security posture management (DSPM) enterprise buyer’s guide
From the editors of CSO, this enterprise buyer’s guide helps security IT staff understand what data security posture management (DSPM) can do for their organizations and how to choose the right...
View ArticleCybercrime group claims to have stolen data on 560 million Ticketmaster users
Cybercrime group ShinyHunters is claiming it has grabbed data from more than half a billion Ticketmaster customers. It has posted screen captures supporting this claim, but there is little in those...
View Article‘Operation Endgame’ deals major blow to malware distribution botnets
In what Europol calls the largest-ever takedown operation against botnets, law enforcement agencies from different countries managed to disrupt the infrastructure, seize assets, and arrest suspects...
View ArticleTwo-factor authentication (2FA) explained: How it works and how to enable it
What is 2FA? Two-factor authentication (2FA) is a security access method that requires users to provide two forms of identification (aka factors), typically a password in conjunction with a second...
View ArticleThe CSO guide to top security conferences
There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have...
View Article3 reasons users can’t stop making security mistakes — unless you address them
Risks associated with cybersecurity continue to evolve, but one challenge remains a constant for CISOs: managing human error. Even with advanced solutions and sophisticated protocols in place,...
View ArticleOkta alerts customers against new credential-stuffing attacks
A cross-origin authentication feature in Okta’s customer identity cloud (CIC) is open to credential-stuffing attacks, the identity and access management company said in a security advisory. The...
View ArticleOpenAI accuses Russia, China, Iran, and Israel of misusing its GenAI tools...
OpenAI said malicious actors from China, Russia, Iran, and Israel have been using its generative AI tools to run covert influence campaigns to manipulate public opinion, adding that the company...
View ArticleBug in EmbedAI can allow poisoned data to sneak into your LLMs
EmbedAI, an application used to interact with documents by utilizing the capabilities of large language models (LLMs), is experiencing a data poisoning vulnerability, according to cybersecurity...
View ArticleMicrosoft: The brand attackers love to imitate
Cybercriminals are increasingly imitating well-known brands as a means for infiltrating corporate networks and stealing sensitive data, according to recent research from Cisco Talos Intelligence. This...
View ArticleClik here to view.
What are non-human identities and why do they matter?
Identity and access management (IAM) is so critical to cybersecurity that it has generated such universal axioms as “identity is the new perimeter” or “hackers don’t hack in, they log in” to...
View ArticleAfter Snowflake, Hugging Face reports security breach
Hugging Face, a platform for building AI and ML models, has warned users of a breach that could expose access authentication secrets on Spaces, a community repository for AI projects. “Earlier this...
View Article