CSOonline17h
Understanding OWASP’s Top 10 list of non-human identity critical risks
Non-human identities represent a vast chunk of credentials used by a typical organization, up to 50 times higher than the ...
CSOonline2h
Fake captcha attacks are increasing, say experts
CISOs need to warn employees in regular awareness training to refuse to copy and execute so-called verification login scripts.
CSOonline11h
Mac users duped with FrigidStealer posing as browser updates
Threat actors are seen distributing the new macOS stealer in a web inject campaign, along with stealers for other operating ...
CSOonline1d
Think being CISO of a cybersecurity vendor is easy? Think again
Making the shift from a security product developer to the same role at an enterprise taught made one CISO more prepared, more ...
CSOonline1d
Russian cyberespionage groups target Signal users with fake group invites
Russian APTs send users fake Signal group chat invites with specifically crafted links or QR codes that instead authorize ...
CSOonline1d
Hackers gain root access to Palo Alto firewalls through chained bugs
A recently disclosed medium-severity bug was chained with critical, older bugs to gain root-level access to PAN firewall ...
CSOonline1d
CISO success story: Predicting cyber risk (accurately) is easier with this guy’s formula
Ash Hunt of Apex Group piloted a statistic-driven model for predicting various cyber risk events, calculating loss exposure, ...
CSOonline2d
Password managers under increasing threat as infostealers triple and adapt
Security experts warn of surge in malware targeting credentials stored in password vaults and managers as adversarial focus ...
CSOonline2d
Russian malware discovered with Telegram hacks for C2 operations
Stealthy C2 messages operated by the Golang backdoor could easily be mistaken for legitimate Telegram API communication.
CSOonline2d
XCSSET macOS malware reappears with new attack strategies, Microsoft sounds alarm
The updated malware, which spreads via infected Xcode projects, introduces advanced evasion tactics and persistence ...
CSOonline1d
New family of data-stealing malware leverages Microsoft Outlook
CISOs have yet another attack vector to worry about with the discovery of a new family of data-stealing malware that uses ...
CSOonline2d
OpenSSH fixes flaws that enable man-in-the-middle, DoS attacks
Researchers from Qualys found two vulnerabilities that can be combined to bypass the server key verification in OpenSSH ...