CSOonline58m
Think being CISO of a cybersecurity vendor is easy? Think again
Making the shift from a security product developer to the same role at an enterprise taught made one CISO more prepared, more ...
CSOonline7h
OpenSSH fixes two flaws that enable a man-in-the-middle attack and denial of service
Researchers from Qualys found two vulnerabilities that can be combined to bypass the server key verification in OpenSSH ...
CSOonline19h
XCSSET macOS malware reappears with new attack strategies, Microsoft sounds alarm
The updated malware, which spreads via infected Xcode projects, introduces advanced evasion tactics and persistence ...
CSOonline19h
Russian malware discovered with Telegram hacks for C2 operations
Stealthy C2 messages operated by the Golang backdoor could easily be mistaken for legitimate Telegram API communication.
CSOonline22h
How CISOs can rebuild trust after a security incident
Cybersecurity leaders share insight on a crucial but overlooked task after any security incident: rebuilding trust with the ...
CSOonline1d
Password managers under increasing threat as infostealers triple and adapt
Security experts warn of surge in malware targeting credentials stored in password vaults and managers as adversarial focus ...
CSOonline1d
New family of data-stealing malware leverages Microsoft Outlook
CISOs have yet another attack vector to worry about with the discovery of a new family of data-stealing malware that uses ...
CSOonline1d
Ransomware gangs extort victims 17 hours after intrusion on average
The window for intrusion detection keeps getting shorter as ransomware group’s time-to-ransom (TTR) accelerates.
CSOonline5d
Unusual attack linked to Chinese APT group combines espionage and ransomware
The attacker deployed a variant of the PlugX cyberespionage toolset previously associated with Chinese APT groups against a ...
CSOonline6d
Beyond the paycheck: What cybersecurity professionals really want
In the face of talent shortages, organisations must rethink their approach to retaining cybersecurity professionals as money ...
CSOonline4d
CISO success story: How LA County trains (and retrains) workers to fight phishing
The CISO for LA County, charged with safeguarding 38 departments and 100,000 employees, shares tips on cross-agency ...
CSOonline5d
PostgreSQL patches SQLi vulnerability likely exploited in BeyondTrust attacks
Rapid7 researchers believe the BeyondTrust Remote Support attacks from December also exploited a zero-day flaw in PostgreSQL.