2023 and CSO - Cyber Security Informer

Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach

CSO Magazine

MAY 23, 2023

Like most CSOs, Joe Sullivan was drawn to the role to help prevent cybercrimes. His role as CSO of Uber was something of a shift from his previous job prosecuting cybercriminals as an assistant US attorney, but closer to the tip of the cybersecurity spear.

CSO

CSO CISO Cybercrime Cybersecurity

BrandPost: Top CSO Priority for 2023: Create a Strong Security Culture

CSO Magazine

FEBRUARY 21, 2023

For every CSO in 2023, creating and strengthening a culture of security has to be priority No. It’s a cliché, but it’s true: Security is only as strong as the weakest link. Ensuring strong security requires a strong security culture, from the C-Suite to every employee throughout the extended supply chain.

CSO

CSO Government Cybersecurity

Most interesting products to see at RSA Conference 2023

CSO Magazine

APRIL 21, 2023

That’s a lot of ground to cover, so CSO has sifted through the upcoming announcements and gathered the products and services that caught our eye here. More announcements will be made throughout the event, and CSO will update this article as their embargoes break. We’ve organized the listings by day of announcement.

CSO

CSO Phishing Software

Cybersecurity spending and economic headwinds in 2023

CSO Magazine

JANUARY 12, 2023

Now that everyone, their brother, sister, and dog have chimed in on cybersecurity predictions for 2023, here are a few observations based on some recent ESG research. First the numbers: 53% of organizations will increase IT spending in 2023, 30% say IT spending will remain flat in 2023, and 18% forecast a decrease in IT spending.

Cybersecurity

RSAC Fireside Chat: StackHawk helps move the application security needle to ‘shift everywhere’

The Last Watchdog

APRIL 20, 2023

As RSA Conference 2023 gets underway next week at San Francisco’s Moscone Center, advanced application security and API security tools and practices are grabbing a lot of attention.

CSO

CSO Software Internet Internet

How 2023 cybersecurity budget allocations are shaping up

CSO Magazine

AUGUST 24, 2022

It's hard to assess what 2023 budgets will look like because most companies are in their budget planning for 2023 now, but I think most companies are taking a cautious approach," says Forrester Vice President and Research Director Merritt Maxim. Forrester released a report Tuesday to help organizations do just that.

Cybersecurity

Cybersecurity Technology

10 notable critical infrastructure cybersecurity initiatives in 2023

CSO Magazine

JUNE 5, 2023

The security of critical infrastructure has been high on the agenda in 2023, with cyberattacks and other risks posing a persistent threat to the technologies and systems relied upon for essential services such as energy, food, electricity, and healthcare.

Cybersecurity

Cybersecurity Healthcare Technology Ransomware

Top 10 open source software risks for 2023

CSO Magazine

MARCH 1, 2023

Known vulnerabilities, compromise of legitimate package, and name confusion attacks are expected to be among the top ten open source software risks in 2023, according to a report by Endor Labs.

Software

Software Risk

5 key considerations for your 2023 cybersecurity budget planning

CSO Magazine

JULY 14, 2022

As CISOs look to prepare their 2023 security budgets, some might be asking themselves, “where do I begin?” There are such varied and rapidly changing facets of defending organizations against cyber threats that the task of sorting out which risks need the most attention can seem overwhelming.

Cybersecurity

Cybersecurity CISO Cyber threats Risk

5 top threats from 2022 most likely to strike in 2023

CSO Magazine

FEBRUARY 22, 2023

In its newly released annual State of Malware report , cybersecurity firm Malwarebytes selected five threats that they consider to be archetypes for some of the most common malware families observed in 2022: LockBit ransomware The Emotet botnet The SocGholish drive-by download Android droppers macOS Genio adware "Protecting your business for the rest (..)

Adware

Adware Scams Malware Ransomware

P-to-P fraud most concerning cyber threat in 2023: CSI

CSO Magazine

JANUARY 24, 2023

US financial institutions see peer-to-peer fraud and other digital fraud as the biggest cybersecurity concern in 2023. It was cited by 29% of respondents in a survey by Computer Systems Inc. CSI), followed by data breaches (23%), ransomware (20%) and a breach at a third party (15%).

Cyber threats

Cyber threats Identity Theft Cyber Insurance Insurance

Ransomware ecosystem becoming more diverse for 2023

CSO Magazine

JANUARY 2, 2023

The ransomware ecosystem has changed significantly in 2022, with attackers shifting from large groups that dominated the landscape toward smaller ransomware-as-a-service (RaaS) operations in search of more flexibility and drawing less attention from law enforcement.

Ransomware

Ransomware Marketing

Cybersecurity startups to watch for in 2023

CSO Magazine

NOVEMBER 11, 2022

The problems cybersecurity startups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovative faster because they are unfettered by an installed base. The downside, of course, is that startups often lack resources and maturity.

Cybersecurity

Cybersecurity Risk

Top cybersecurity M&A deals for 2023

CSO Magazine

FEBRUARY 10, 2023

Uncertainty and instability marked the end of 2022 for many in the tech sector, a trend that bled into the beginning of 2023. Global concern over cybersecurity has never been higher, with attacks coming fast and furious and in ever-growing numbers , and 65% of organizations planned to increase cybersecurity spending in 2023.

Cybersecurity

Cybersecurity CISO

What you should know when considering cyber insurance in 2023

CSO Magazine

DECEMBER 6, 2022

As the frequency and severity of ransomware, phishing, and denial of service attacks has increased, so has demand for cyber insurance. billion in direct written premiums were recorded in 2021, a 61% increase over the prior year, according to an October 2022 memorandum from the National Association of Insurance Commissioners.

Cyber Insurance

Cyber Insurance Insurance Phishing Ransomware

Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition

CSO Magazine

FEBRUARY 6, 2023

Cybersecurity insurance firm Coalition has predicted that there will be 1,900 average monthly critical Common Vulnerabilities and Exposures ( CVEs ) in 2023, a 13% increase over 2022. billion IP addresses.

Insurance

Insurance Cyber threats Internet Internet

Office of the Director of National Intelligence highlights cyber threats in 2023 Intelligence Threat Assessment

CSO Magazine

MARCH 28, 2023

The ODNI minced no words as they addressed China, Russia, North Korea, and Iran as the key nation-states responsible for cyber threats and then continued to highlight other non-state actors that are equally worthy of our attention in the 2023 Threat Assessment. To read this article in full, please click here

Cyber threats

Judge Delays Enforcement of California Consumer Privacy Act to 2024

SecureWorld News

JULY 17, 2023

A California judge made the decision just as the original July 1, 2023, deadline was to hit. A California judge made the decision just as the original July 1, 2023, deadline was to hit. Additionally, the March 29, 2023, regulations are the ones that are being delayed.

CSO

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

Duo's Security Blog

NOVEMBER 20, 2023

“It took nearly 11 months (328 days) to identity and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of Data Breach Report 2023 I recently came across a 2012 article from CSO Online , and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined!

Threat Detection

Threat Detection Authentication Accountability Data breaches

GitHub to mandate 2FA for all code contributors by 2023

CSO Magazine

MAY 4, 2022

The world’s leading development platform said it will require all code-contributing users to enroll in 2FA by the end of 2023 to enhance the security of developer accounts and bolster security within the software supply chain. GitHub has announced its largest-ever push toward two-factor authentication (2FA).

Authentication

Authentication Software Accountability Risk

5 top threats from 2022 most likely to strike in 2023

CSO Magazine

FEBRUARY 22, 2023

In its newly released annual State of Malware report , cybersecurity firm Malwarebytes selected five threats that they consider to be archetypes for some of the most common malware families observed in 2022: LockBit ransomware The Emotet botnet The SocGholish drive-by download Android droppers macOS Genio adware "Protecting your business for the rest (..)

Adware

Adware Scams Malware Ransomware

Uber Data Exposed After Law Firm's Breach

SecureWorld News

APRIL 6, 2023

Genova Burns shared in a letter to affected drivers some information about the breach: "On January 31, 2023, Genova Burns became aware of suspicious activity relating to our internal information systems. In response, we engaged outside forensic and data security specialists to investigate the nature and scope of the activity.

Data breaches

Data breaches CSO Phishing Risk

VulnRecap 1/29/24 – Apple, Apache & VMware Under Attack

eSecurity Planet

JANUARY 29, 2024

“The most significant risk for enterprises isn’t the speed at which they are applying critical patches; it comes from not applying the patches on every asset,” noted Brian Contos, CSO of Sevco Security. The fix: Deploy the Apache security upgrades available since November 2023. The fix: Apply the patches released in December 2023 ASAP.

Software

Software Authentication CSO Accountability

Security Roundup October 2023

BH Consulting

OCTOBER 15, 2023

A companion to Europol’s IOCTA 2023 report , it digs deeper into malware – ransomware in particular – and DDoS attacks. MORE Joe Sullivan, Uber’s CSO during its data breach, shares his perspective. Sign up here The post Security Roundup October 2023 appeared first on BH Consulting.

Ransomware

Ransomware Data breaches CSO Cyber Attacks

BrandPost: The Cloud Is Under Attack: The State of Cloud Security in 2023

CSO Magazine

JANUARY 4, 2023

By now, many small and mid-sized organizations have transitioned to the cloud and are running hybrid environments. Not surprisingly, as the adoption of cloud technology grows, it has also become a more attractive target for cybercriminals.

Technology

Cyber arms race, economic headwinds among top macro cybersecurity risks for 2023

CSO Magazine

FEBRUARY 21, 2023

Despite the billions of dollars poured annually into cybersecurity by investors, organizations, academia, and government, adequate and reliable cybersecurity remains an ever-elusive goal.

Risk

Risk Cybersecurity Government Technology

Cybersecurity Snapshot: CISA Calls for Stamping Out Buffer Overflow Vulnerabilities, as Europol Tells Banks To Prep For Quantum Threat

Security Boulevard

FEBRUARY 14, 2025

CISA and the FBI also highlighted these buffer overflow vulnerabilities: CVE-2025-21333 CVE-2025-0282 CVE-2024-49138 CVE-2024-38812 CVE-2023-6549 CVE-2022-0185 For more information about buffer overflow attacks and vulnerabilities: Buffer Overflow (OWASP) What is Buffer Overflow? Mike Rounds (R-S.D.) who introduced the bill along with Sen.

Banking

Banking Cybercrime Cybersecurity Ransomware

19 startups to check out at RSA Conference 2023

CSO Magazine

APRIL 18, 2023

This year’s RSA Conference showcases promising startups from all over the world, many of which are making their first public appearance. Most will be exhibiting in the Early Stage Expo , which features 50 new security solution providers. Other startup exhibitors are finalists in RSA’s Innovation Sandbox competition.

SEC Provides Clarity on Disclosing Material vs. Non-Material Cyber Incidents

SecureWorld News

MAY 23, 2024

And the recent clarifications—focusing on material cybersecurity incidents—is a step in the right direction," said Glenn Kapetansky , CSO, Trexin Group. "In See the December 2023 statement for more details on each of the three questions that need to be answered.

CISO

CISO CSO Risk Cybersecurity

BrandPost: Fortinet 2023 Skills Gap Report: How organizations can fill the talent shortage

CSO Magazine

MARCH 23, 2023

The ongoing cybersecurity talent shortage presents challenges for organizations everywhere. As critical roles remain vacant far too long, already overburdened IT and security teams are grappling with a long list of responsibilities to safeguard their corporate networks, and that’s just the tip of the iceberg.

Cyber threats

Cyber threats Cybersecurity

December 15 Marks Deadline for SEC's New Cyber Disclosure Rules

SecureWorld News

DECEMBER 11, 2023

December 15, 2023, marks a significant shift in the cybersecurity landscape for publicly traded companies. The SEC announced its new cyber incident disclosure rules on July 26, 2023, when it appeared the rules were effective immediately. Immediately or not, Dec. 15 is now here, and the new rules will be in effect.

CISO

CISO Risk CSO Government

CPRA explained: New California privacy law ramps up restrictions on data use

CSO Magazine

DECEMBER 26, 2022

On January 1, 2023, 20, the California Privacy Rights Act (CPRA) will go into effect. Approved by ballot measure as Proposition 24 in November 2020, it created a new consumer data privacy agency and put California another step ahead of other states in terms of privacy productions for consumers—and data security requirements for enterprises.

Data privacy

Vulnerability Recap 9/9/24 – Exploited Vulnerabilities Persist

eSecurity Planet

SEPTEMBER 9, 2024

The problem: RansomHub, a ransomware-as-a-service group, targeted security vulnerabilities in Apache ActiveMQ ( CVE-2023-46604 ), Atlassian Confluence ( CVE-2023-22515 ), Citrix ADC ( CVE-2023-3519 ), and Fortinet devices ( CVE-2023-27997 ).

Firmware

Firmware Backups Firewall Risk

Three-quarters of businesses braced for ‘serious’ email attack this year

CSO Magazine

FEBRUARY 21, 2023

IT security leaders at three-out-of-four global businesses expect an email-borne attack will have serious consequences for their organization in the coming year, with the increasing sophistication of attacks a top concern, according to the 2023 State of Email Security (SOES) report.

Technology

Technology Malware

Hackers exploit WordPress vulnerability within hours of PoC exploit release

CSO Magazine

MAY 15, 2023

The high-severity vulnerability, CVE-2023-30777 that affects the WordPress Advanced Custom Fields plugin, was identified by a Patchstack researcher on May 2. To read this article in full, please click here

Latin American companies, governments need more focus on cybersecurity

CSO Magazine

MARCH 29, 2023

For the first time, over a dozen cybersecurity companies have come together to produce an agnostic study titled LATAM CISO Report 2023: Insights from Industry Leaders. The 2023 LATAM CISO Report offers different cybersecurity perspectives of industry leaders in Latin America. Duke University conducted the survey.

Government

Government Cybersecurity CISO Banking

Virginia data protection bill signed into law

CSO Magazine

MARCH 5, 2021

In a referendum last fall, California citizens voted to amend the CCPA by approving the California Privacy Rights and Enforcement Act (CPRA) , which will mostly go into effect on January 1, 2023. To read this article in full, please click here

Data privacy

Data privacy Government

Microsoft reports jump in business email compromise activity

CSO Magazine

MAY 22, 2023

Cybersecurity activity around business email compromise (BEC) spiked between April 2022 and April 2023, with over 150,000 daily attempts, on average, detected by the Microsoft Microsoft’s Digital Crimes Unit (DCU).

Social Engineering

Social Engineering Cybercrime Engineering Cybersecurity

App cyberattacks jump 137%, with healthcare, manufacturing hit hard, Akamai says

CSO Magazine

APRIL 18, 2023

To read this article in full, please click here

Manufacturing

Manufacturing Healthcare Data collection Internet

BrandPost: Security Trends to Watch in 2023

CSO Magazine

FEBRUARY 9, 2023

It’s that time of year again when many of your favorite security professionals and vendors roll out their predictions for the coming year. Although not all of us have clairvoyant abilities, seasoned pros can spot a trend early and inform the rest of us before we’re caught off guard.

DDOS

DDOS Internet Internet

New cyberattack tactics rise up as ransomware payouts increase

CSO Magazine

FEBRUARY 28, 2023

These techniques have been used in targeted attacks for years, but 2020 saw them deployed at scale.” To read this article in full, please click here

Ransomware

Ransomware Phishing Authentication Cybersecurity

Average enterprise storage/backup device has 14 vulnerabilities, three high or critical risks

CSO Magazine

MARCH 22, 2023

That’s according to Continuity’s State of Storage and Backup Security Report 2023 , which revealed a significant gap in the state of enterprise storage and backup security compared to other layers of IT and network security.

Backups

Backups Risk Network Security

Dozens of cybersecurity efforts included in this year’s US NDAA

CSO Magazine

DECEMBER 15, 2022

Inhofe National Defense Authorization Act for Fiscal Year 2023, the legislation clocks in at over 4,408 pages. Each year the NDAA contains a wealth of primarily military cybersecurity provisions, delivering hundreds of millions, if not billions, in new cybersecurity funding to the federal government. This year’s bill is no exception.

Cybersecurity

Cybersecurity Government

One-third of enterprises don’t encrypt sensitive data in the cloud

CSO Magazine

SEPTEMBER 13, 2022

billion this year and expects it to reach nearly $600 billion in 2023. Gartner predicts that worldwide spending on public cloud computing services will rise 20.4% to a total of $494.7 To read this article in full, please click here

Encryption

Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach

BrandPost: Top CSO Priority for 2023: Create a Strong Security Culture

Trending Sources

Most interesting products to see at RSA Conference 2023

Cybersecurity spending and economic headwinds in 2023

RSAC Fireside Chat: StackHawk helps move the application security needle to ‘shift everywhere’

How 2023 cybersecurity budget allocations are shaping up

10 notable critical infrastructure cybersecurity initiatives in 2023

Top 10 open source software risks for 2023

5 key considerations for your 2023 cybersecurity budget planning

5 top threats from 2022 most likely to strike in 2023

P-to-P fraud most concerning cyber threat in 2023: CSI

Ransomware ecosystem becoming more diverse for 2023

Cybersecurity startups to watch for in 2023

Top cybersecurity M&A deals for 2023

What you should know when considering cyber insurance in 2023

Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition

Office of the Director of National Intelligence highlights cyber threats in 2023 Intelligence Threat Assessment

Judge Delays Enforcement of California Consumer Privacy Act to 2024

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

GitHub to mandate 2FA for all code contributors by 2023

5 top threats from 2022 most likely to strike in 2023

Uber Data Exposed After Law Firm's Breach

VulnRecap 1/29/24 – Apple, Apache & VMware Under Attack

Security Roundup October 2023

BrandPost: The Cloud Is Under Attack: The State of Cloud Security in 2023

Cyber arms race, economic headwinds among top macro cybersecurity risks for 2023

Cybersecurity Snapshot: CISA Calls for Stamping Out Buffer Overflow Vulnerabilities, as Europol Tells Banks To Prep For Quantum Threat

19 startups to check out at RSA Conference 2023

SEC Provides Clarity on Disclosing Material vs. Non-Material Cyber Incidents

BrandPost: Fortinet 2023 Skills Gap Report: How organizations can fill the talent shortage

December 15 Marks Deadline for SEC's New Cyber Disclosure Rules

CPRA explained: New California privacy law ramps up restrictions on data use

Vulnerability Recap 9/9/24 – Exploited Vulnerabilities Persist

Three-quarters of businesses braced for ‘serious’ email attack this year

Hackers exploit WordPress vulnerability within hours of PoC exploit release

Latin American companies, governments need more focus on cybersecurity

Virginia data protection bill signed into law

Microsoft reports jump in business email compromise activity

App cyberattacks jump 137%, with healthcare, manufacturing hit hard, Akamai says

BrandPost: Security Trends to Watch in 2023

New cyberattack tactics rise up as ransomware payouts increase

Average enterprise storage/backup device has 14 vulnerabilities, three high or critical risks

Dozens of cybersecurity efforts included in this year’s US NDAA

One-third of enterprises don’t encrypt sensitive data in the cloud

Stay Connected