CSOonline11h
CISO success story: How LA County trains (and retrains) workers to fight phishing
The CISO for LA County, charged with safeguarding 38 departments and 100,000 employees, shares tips on cross-agency ...
CSOonline22h
whoAMI name confusion attacks can expose AWS accounts to malicious code execution
Due to a misconfiguration, developers could be tricked into retrieving malicious Amazon Machine Images (AMI) while creating ...
CSOonline16h
What is anomaly detection? Behavior-based analysis for cyber threats
Anomaly detection can be powerful in spotting cyber incidents, but experts say CISOs should balance traditional ...
CSOonline1d
Unusual attack linked to Chinese APT group combines espionage and ransomware
The attacker deployed a variant of the PlugX cyberespionage toolset previously associated with Chinese APT groups against a ...
CSOonline1d
PostgreSQL patches SQLi vulnerability likely exploited in BeyondTrust attacks
Rapid7 researchers believe the BeyondTrust Remote Support attacks from December also exploited a zero-day flaw in PostgreSQL.
CSOonline1d
CISA, FBI call software with buffer overflow issues ‘unforgivable’
The federal directive forbids vendors from shipping software with such flaws, and flags recent Microsoft, and Ivanti ...
CSOonline1d
What security teams need to know about the coming demise of old Microsoft servers
While the planned phase-out of Microsoft Exchange 2016 and Exchange 2019 is many months away, evaluate your organization’s ...
CSOonline2d
24% of vulnerabilities are abused before a patch is available
Exploited CVEs increased by a fifth in 2024, according to analysis by VulnCheck, with increased transparency and improved ...
CSOonline1d
Russian hacking group targets critical infrastructure in the US, the UK, and Canada
The operation, attributed to the notorious Russian threat actor Seashell Blizzard, has compromised high-profile targets in ...
CSOonline1d
DLP solutions vs today’s cyberthreats: The urgent need for modern solutions
Traditional DLP solutions no longer align with the pace and complexity of today’s hybrid, cloud-driven environments. Enter ...
CSOonline4d
Top 5 ways attackers use generative AI to exploit your systems
Cybercriminals are increasingly exploiting gen AI technologies to enhance the sophistication and efficiency of their attacks.
CSOonline2d
Hacker allegedly puts massive OmniGPT breach data for sale on the dark web
The unconfirmed breach allegedly includes email, phone numbers, API and crypto keys, credentials, and billing information, ...