2019 and CSO - Cyber Security Informer

RSAC Fireside Chat: StackHawk helps move the application security needle to ‘shift everywhere’

The Last Watchdog

APRIL 20, 2023

I had the chance to visit with Scott Gerlach, chief security officer and co-founder of StackHawk , a Denver-based software company launched in 2019 to join the phalanx of vendors innovating like crazy to dial-in meaningful code checks, in just the right measure, at just the right moment.

CSO

CSO Software Internet Internet

What is an ISAC or ISAO? How these cyber threat information sharing organizations improve security

CSO Magazine

JULY 26, 2022

Editor's note: This article, originally published on July 3, 2019, has been updated with a directory of ISACs and ISAOs.] Get the latest from CSO by signing up for our newsletters. ]. Get the latest from CSO by signing up for our newsletters. ]. ISAC and ISAO definition.

Cyber threats

Cyber threats CSO

6 zero trust myths and misconceptions

CSO Magazine

OCTOBER 18, 2021

Interest in zero trust is surging, according to IDG’s 2020 Security Priorities Study, with 40% of survey respondents saying they are actively researching zero trust technologies, up from only 11% in 2019, and 18% of organizations indicating they already have zero trust solutions, more than double the 8% in 2018.

CSO

CSO Marketing Technology

4 steps to protect the C-suite from business email compromise attacks

CSO Magazine

OCTOBER 4, 2021

In 2019, Toyota Boshoku Corporation lost $37 million after the information in a payment direction from a third-party was changed, sending millions to the fraudsters. Sign up for CSO newsletters. ]. Sign up for CSO newsletters. ].

CSO

CSO Phishing Accountability

Insider risk management: Where your program resides shapes its focus

CSO Magazine

MAY 29, 2023

In 2019, a CSO article raised the question “ Insider risk management — who’s the boss ?” Over the years I have hypothesized that where such IRM programs reside within an organization will have a material impact on its focus and possibly its overall effectiveness.

Risk

Risk CSO Government

BrandPost: For the Metaverse, Gaming Security Leads the Way

CSO Magazine

NOVEMBER 8, 2021

And why should a CSO care about it? As Wired’s Kevin Kelly wrote in a story about it back in 2019: “when [the metaverse] is complete, our physical reality will merge with the digital universe.” The metaverse. It’s kind of a big deal. It’s even hit the point where major news outlets are writing about it. But what is it?

CSO

CSO Internet Internet

Spy groups hack into companies using zero-day flaw in Pulse Secure VPN

CSO Magazine

APRIL 20, 2021

Some of the flaws date from 2019 and 2020, but one was unknown until this month. Sign up for CSO newsletters. ]. Keep up with 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need.

VPN

VPN CSO Hacking Authentication

Diversity in security: How 3 organizations are making a difference—one relationship at a time

CSO Magazine

FEBRUARY 16, 2021

Michaela founded Blacks In Cybersecurity (BIC) in January 2019 with the goal of highlighting and elevating the Black community in the security profession by offering a range of activities, from online forums and to conferences, meet-ups, seminars and group outings. Sign up for CSO newsletters. ]. Sign up for CSO newsletters. ]. “We

CSO

CSO Cybersecurity

MY TAKE: How ‘CASBs’ are evolving to close the security gaps arising from digital transformation

The Last Watchdog

APRIL 5, 2019

I had the chance to visit with CipherCloud CTO Sundaram Lakshmanan at RSA 2019. One company still actively innovating as an independent CASB is San Jose, CA-based security vendor CipherCloud. Zero-trust philosophy. While the concept of zero trust is relatively new, it fits very well with CASBs’ approach to security.

Digital transformation

Digital transformation CSO Firewall Risk

MY TAKE: NIST Cybersecurity Framework has become a cornerstone for securing networks

The Last Watchdog

APRIL 30, 2019

I had the chance at RSA 2019 to visit with George Wrenn, founder and CEO of CyberSaint Security , a cybersecurity software firm that plays directly in this space. Prior to launching CyberSaint, Wrenn was CSO of Schneider Electric, a supplier of technologies used in industrial control systems.

Cybersecurity

Cybersecurity Insurance Cyber Insurance Risk

The biggest data breach fines, penalties and settlements so far

CSO Magazine

JANUARY 15, 2021

Sizable fines assessed for data breaches since 2019 suggest that regulators are getting more serious about organizations that don’t properly protect consumer data. Marriott was hit with a $124 million fine, later reduced, while Equifax agreed to pay a minimum of $575 million for its 2017 breach. This comes after an active 2018.

Data breaches

What is the dark web? How to access it and what you'll find

CSO Magazine

JULY 1, 2021

A 2019 study, Into the Web of Profit , conducted by Dr. Michael McGuires at the University of Surrey, shows that things have become worse. Researchers Daniel Moore and Thomas Rid of King's College in London classified the contents of 2,723 live dark web sites over a five-week period in 2015 and found that 57% host illicit material.

Engineering

Engineering Internet Internet

The password hall of shame (and 10 tips for better password security)

CSO Magazine

APRIL 15, 2021

The six-digit sequence has also ranked high on other lists over the years; SplashData, which has come up with lists using similar methodology, found "123456" in second place in 2011 and 2012; it then jumped up to number one where it stayed every year right through 2019. To read this article in full, please click here

Passwords

Passwords Data breaches

9 tips for an effective ransomware negotiation

CSO Magazine

NOVEMBER 24, 2021

The data comes from research of over 700 attacker-victim negotiations between 2019 and 2020 and a paper that explores three main topics. Concepts were presented by Pepijn Hack and Zong-Yu Wu at Black Hat Europe 2021 and expanded upon in a detailed NCC Group blog posting shortly after.

Ransomware

Ransomware Hacking Cybersecurity

Auditing the IRS: Asset Management Problems Causing Cybersecurity Risks

SecureWorld News

AUGUST 26, 2020

The IRS currently has 669 systems in its production environment and the IG audit says the cost of maintaining this environment is astronomical: "In Fiscal Year 2019, the IRS spent over $2.86 Aflac CSO Tim Callahan told us as much after his keynote at a SecureWorld conference last year. Asset management is difficult.

Risk

Risk Cybersecurity CSO Technology

Vulnerability management mistakes CISOs still make

CSO Magazine

JUNE 14, 2022

Multiple breaches, including the massive 2017 data breach at the credit reporting agency Equifax , have been traced back to unpatched vulnerabilities—a 2019 Tripwire study found that 27% of all breaches were caused by unpatched vulnerabilities, while a 2018 Ponemon study put the number at a jaw-dropping 60%.

CISO

CISO Data breaches

Insured companies more likely to be ransomware victims, sometimes more than once

CSO Magazine

MAY 15, 2023

Back in 2019, fewer than 20% of enterprises suffered repeat ransomware attacks, while during the pandemic, the percentage rose to around 30%. Companies with cyber insurance are more likely to get hit by ransomware, more likely to be attacked multiple times, and more likely to pay ransoms, according to a recent survey of IT decision makers.

Insurance

Insurance Cyber Insurance Ransomware Encryption

Pulse Secure: New Deadline for Government to Patch

SecureWorld News

APRIL 22, 2021

We have discovered four issues, the bulk of which involve three vulnerabilities that were patched in 2019 and 2020: Security Advisory SA44101 (CVE-2019-11510), Security Advisory SA44588 (CVE-2020-8243) and Security Advisory SA44601 (CVE-2020-8260).

Government

Government CSO Software VPN

6 steps for third-party cyber risk management

CSO Magazine

SEPTEMBER 30, 2021

Many organizations transact with hundreds of third-party partners, according to EY’s Global Third-Party Risk Management Survey 2019-2020 , a trend that PwC finds shows no sign of slowing, even as the risks increase.

Cyber Risk

Cyber Risk Risk Cybersecurity

Top tools and best practices for WordPress security

CSO Magazine

MARCH 16, 2022

Going back in time, a botnet used compromised WordPress servers to attack others in 2018 and another series of attacks in 2019. Another attack on a WordPress server redirected traffic to malicious websites where visitors would receive malware. To read this article in full, please click here

Passwords

Passwords Malware

BrandPost: A Healthy Boost: Hospital Uses Managed Services to Bolster Security

CSO Magazine

APRIL 23, 2021

In 2020, more than 29 million healthcare records were breached—a 25% increase over 2019, according to the HIPAA Journal. The healthcare industry remains a prime target for cybercriminals. These sorts of statistics keep healthcare security leaders awake at night.

Healthcare

BrandPost: How the Gaming Industry Can Play it Safe and Not Get Pwned

CSO Magazine

JANUARY 12, 2022

Web attacks targeting the gaming industry rose 340% year over year between 2019 and 2020, and credential stuffing attacks were up 224%, according to Akamai’s Gaming in a Pandemic report. Criminals are constantly testing defenses and probing servers to find illicit entry into gaming services and user accounts.

Accountability

JetBlue CISO Tim Rohrbaugh on putting threat intelligence at the center

CSO Magazine

DECEMBER 16, 2021

Success is nonnegotiable for Rohrbaugh, who took over as chief information security officer at JetBlue Airways in 2019. “We as defenders really need to understand who the adversaries are, what their tactics are, what their techniques are,” he says.

CISO

CISO Information Security Hacking

Q&A: Researchers find evidence of emerging market for stolen, spoofed machine identities

The Last Watchdog

APRIL 17, 2019

For a full drill down on our most recent conversation, at RSA 2019 , give a listen to the accompanying podcast. At the end of the day the CSO the CIO and the CEO all left the company. Thus, the monitoring, management and protection of machine identities must be ongoing and automated, he argued.

Marketing

Marketing CSO Digital transformation Internet

M&A Trending In Cybersecurity Industry Vertical For 2022

CyberSecurity Insiders

JANUARY 28, 2022

cybersecurity M&A deals hit 151 in the first three quarters of 2021, compared to 80, 88 and 94 in 2018, 2019 and 2020, respectively, according to data from 451 Research. According to CSO, 2021 shaped up to be an active year for mergers and acquisitions in the cybersecurity industry. In fact, the volume of U.S.

Cybersecurity

Cybersecurity CSO Digital transformation Penetration Testing

Microsoft's rough 2022 security year in review

CSO Magazine

DECEMBER 8, 2022

Exchange 2019 is the only version under mainstream support at this time. Migrate to Exchange online or on-premises Exchange 2019 or consider a different email platform completely. It raises the question for anyone still with an on-premises Exchange Server: Do you have the expertise to keep it safe especially if you are targeted?

LockBit explained: How it has become the most popular ransomware

CSO Magazine

JULY 5, 2022

Since its launch in 2019, LockBit has constantly evolved, seeing unprecedented growth recently driven by other ransomware gangs disbanding. LockBit is one of the most prominent ransomware-as-a-service (RaaS) operations that has targeted organizations over the past several years.

Ransomware

BrandPost: Why Hackers are Increasingly Targeting Digital Supply Chains

CSO Magazine

JULY 13, 2022

But the reality is that hackers increasingly have been vested in software supply chain attacks, which increased 650% from July 2019 to May 2020 alone. For a large majority of the world, the SolarWinds hack in December 2020 was the first real introduction to digital supply chains and their vulnerabilities.

Manufacturing

Manufacturing Software Hacking

How a Venezuelan disinformation campaign swayed voters in Colombia

CSO Magazine

AUGUST 11, 2022

In 2019, the U.S. Ever since the Kremlin's troll farm, the Internet Research Agency, targeted the American electorate during the 2016 U.S. presidential election with social media disinformation campaigns, nation-states across the globe have jumped into their own weaponized information campaigns to influence elections.

Media

Media Internet Internet

COPPA explained: How this law protects children's privacy

CSO Magazine

FEBRUARY 8, 2021

And an FTC COPPA settlement with Google in 2019 has resulted in major changes to how YouTube ads work, throwing the world of video creators into a major uproar. While the law originated in the early days of the Internet, it's even more important in the modern age of social media and programmatic ads.

Media

Media Government Internet Internet

CISA releases directive to remediate dangerous vulnerabilities across civilian agencies

CSO Magazine

NOVEMBER 4, 2021

CISA says this directive enhances but does not replace BOD 19-02 , issued in April 2019 to address remediation requirements for critical and high vulnerabilities on internet-facing federal information systems identified through CISA's vulnerability scanning service.

Internet

Internet Internet Cybersecurity

Russia points finger at US for iPhone exploit campaign that also hit Kaspersky Lab

CSO Magazine

JUNE 2, 2023

According to the company's analysis of infected devices, the operation has been ongoing since at least 2019 and starts with victims receiving an invisible message over the iMessage application with an attachment that initiates an exploit chain and then deletes itself.

Spyware

Spyware Antivirus

China's cyber espionage focus: intellectual property theft

CSO Magazine

MAY 17, 2022

The report noted that the Chinese advanced persistent threat (APT) group has had many labels including Winnti and APT41 and is credited with being operational from at least 2019. Over the course of the past few years, the group siphoned off, according to Cybereason, hundreds of gigabytes of data from their targets.

BrandPost: Propaganda in the digital age: How cyber influence operations erode trust

CSO Magazine

MARCH 13, 2023

The result is a 900% year-over-year increase in the proliferation of deepfakes since 2019. These campaigns leverage various methods and technologies to erode trust, increase polarization, and threaten democratic processes.

Media

Media Technology Internet Internet

Microsoft Exchange ProxyNotShell vulnerability explained and how to mitigate it

CSO Magazine

DECEMBER 15, 2022

Both vulnerabilities impact Microsoft Exchange Server on-premises and hybrid setups running Exchange versions 2013, 2016, and 2019 with an internet-exposed Outlook Web App (OWA) component. To read this article in full, please click here

InfoSec

InfoSec Authentication Internet Internet

BrandPost: How to Isolate Malicious Email Attachments from Your Network

CSO Magazine

JULY 1, 2021

According to ransomware statistics from 2019, organizations lost more than $7.5 Today’s ransomware is commonly delivered via weaponized Microsoft Office documents or PDFs that are sent through email. Cybercriminals do this because it works. billion due to ransomware attacks.

Ransomware

BrandPost: SolarWinds Shines Spotlight on Supply Chain Risks

CSO Magazine

FEBRUARY 9, 2021

Our analysis of incidents which took place between 2019 and 2020 led us to the conclusion that we would see increasingly sophisticated attack methods in the upcoming months. To make our vision of the future more accurate, we constantly monitor day to day trends , to gain a better understanding of the current status of information security.

Risk

Risk Information Security Cybersecurity

BrandPost: Water Tight: Utility Secures its Infrastructure and Workforce

CSO Magazine

MARCH 18, 2021

These institutions reported 6,843 security incidents in 2019—the second-highest among industries, according to the Verizon 2020 Data Breach Investigations Report. It’s the No. 1 business and tech priority, according to the 2021 State of the CIO. Although no industry is immune, the public sector is among the top targets for cyber attacks.

Data breaches

Data breaches Cyber Attacks Information Security Cybersecurity

Making security a more welcoming field for women

CSO Magazine

MARCH 29, 2022

Alethe Denis was on maternity leave when she decided to participate in DEF CON's Social Engineering Capture the Flag competition in 2019. She took her three-month-old daughter and her husband to Las Vegas and planned the trip to the finest detail. Things could have gone wildly wrong," Denis says. "It

Social Engineering

Social Engineering Engineering

Chinese APT group Winnti stole trade secrets in years-long undetected campaign

CSO Magazine

MAY 4, 2022

Security researchers have uncovered a cyberespionage campaign that has remained largely undetected since 2019 and focused on stealing trade secrets and other intellectual property from technology and manufacturing companies across the world.

Manufacturing

Manufacturing Technology Malware

NEW TECH: Votiro takes ‘white-listing’ approach to defusing weaponized documents

The Last Watchdog

MARCH 13, 2019

I had a revelatory discussion about this with Aviv Grafi, CEO of Votiro, at RSA 2019 in San Francisco last week. The work duties call for them to open and deal with business documents, “and at the same time the CSO actually may be directing them to think twice before they open any document,” Grafi says. “So,

Malware

Malware CSO System Administration Financial Services

BrandPost: SPs and MSSPs Must Differentiate SD-WAN Offerings with Holistic Services

CSO Magazine

JUNE 9, 2021

According to a 2020 IDG Research Services report , SD-WAN adoption increased from 35% to 54% between 2017 and 2019. SD-WAN has been one of the most rapidly adopted technologies of the last decade. And a recent IDG survey indicated that 95% of respondents expect to shift to SD-WAN within the coming two years.

Technology

Russia-Pushed UN Cybercrime Treaty Meets Free Speech, Privacy Resistance

SecureWorld News

JUNE 7, 2023

The main challenge has been to define the scope of the new treaty, that is, the list of offences to be criminalised.

Cybercrime

Cybercrime CSO Technology Surveillance

Instagram faces $402 million fine for alleged mishandling of children’s data

CSO Magazine

SEPTEMBER 7, 2022

It’s the second-largest fine ever handed out by EU-based regulators, behind only the $739 million that Luxembourg authorities levied against Amazon last year. A spokesperson for the Irish DPC said that full details on the decision will be published next week, according to the reports.

Accountability

RSAC Fireside Chat: StackHawk helps move the application security needle to ‘shift everywhere’

What is an ISAC or ISAO? How these cyber threat information sharing organizations improve security

Trending Sources

6 zero trust myths and misconceptions

4 steps to protect the C-suite from business email compromise attacks

Insider risk management: Where your program resides shapes its focus

BrandPost: For the Metaverse, Gaming Security Leads the Way

Spy groups hack into companies using zero-day flaw in Pulse Secure VPN

Diversity in security: How 3 organizations are making a difference—one relationship at a time

MY TAKE: How ‘CASBs’ are evolving to close the security gaps arising from digital transformation

MY TAKE: NIST Cybersecurity Framework has become a cornerstone for securing networks

The biggest data breach fines, penalties and settlements so far

What is the dark web? How to access it and what you'll find

The password hall of shame (and 10 tips for better password security)

9 tips for an effective ransomware negotiation

Auditing the IRS: Asset Management Problems Causing Cybersecurity Risks

Vulnerability management mistakes CISOs still make

Insured companies more likely to be ransomware victims, sometimes more than once

Pulse Secure: New Deadline for Government to Patch

6 steps for third-party cyber risk management

Top tools and best practices for WordPress security

BrandPost: A Healthy Boost: Hospital Uses Managed Services to Bolster Security

BrandPost: How the Gaming Industry Can Play it Safe and Not Get Pwned

JetBlue CISO Tim Rohrbaugh on putting threat intelligence at the center

Q&A: Researchers find evidence of emerging market for stolen, spoofed machine identities

M&A Trending In Cybersecurity Industry Vertical For 2022

Microsoft's rough 2022 security year in review

LockBit explained: How it has become the most popular ransomware

BrandPost: Why Hackers are Increasingly Targeting Digital Supply Chains

How a Venezuelan disinformation campaign swayed voters in Colombia

COPPA explained: How this law protects children's privacy

CISA releases directive to remediate dangerous vulnerabilities across civilian agencies

Russia points finger at US for iPhone exploit campaign that also hit Kaspersky Lab

China's cyber espionage focus: intellectual property theft

BrandPost: Propaganda in the digital age: How cyber influence operations erode trust

Microsoft Exchange ProxyNotShell vulnerability explained and how to mitigate it

BrandPost: How to Isolate Malicious Email Attachments from Your Network

BrandPost: SolarWinds Shines Spotlight on Supply Chain Risks

BrandPost: Water Tight: Utility Secures its Infrastructure and Workforce

Making security a more welcoming field for women

Chinese APT group Winnti stole trade secrets in years-long undetected campaign

NEW TECH: Votiro takes ‘white-listing’ approach to defusing weaponized documents

BrandPost: SPs and MSSPs Must Differentiate SD-WAN Offerings with Holistic Services

Russia-Pushed UN Cybercrime Treaty Meets Free Speech, Privacy Resistance

Instagram faces $402 million fine for alleged mishandling of children’s data

Stay Connected