CSO Magazine

MAY 27, 2021

Credential stuffing is the automated use of collected usernames and passwords to gain fraudulent access to user accounts. These credentials fuel the underground economy and are used for everything from spam to phishing and account takeovers. Get the latest from CSO by signing up for our newsletters. ]

CSO 119

CSO Passwords Data breaches Accountability 119

CSO Magazine

JANUARY 13, 2022

Credential stuffing is a cyberattack in which exposed usernames and passwords are used to gain fraudulent access to user accounts through large-scale, automated login requests. To read this article in full, please click here Attackers are asking: What does it look like to make a legitimate request? How can we emulate that?

CSO 130

CSO Data breaches Passwords Accountability 130

CSO Magazine

MAY 25, 2023

Inactive and non-maintained accounts pose significant security risks to users and businesses, with cybercriminals adept at using information stolen from forgotten or otherwise non-upheld accounts to exploit active accounts. To read this article in full, please click here

Accountability 91

Accountability Risk Passwords 91

CSO Magazine

JUNE 8, 2021

In December 2020, the US Government Accounting Office (GAO) made 145 recommendations to 23 federal agencies relating to supply chain risks. Get the latest from CSO by signing up for our newsletters. ]. Get the latest from CSO by signing up for our newsletters. ]. To read this article in full, please click here

Government 121

Government CSO Risk Technology 121

CSO Magazine

MAY 3, 2022

When CISOs fail to maintain positive working relationships with their security vendors they will often see their vendor provide less of a priority on their needs and overall responsiveness can be delayed, and in worst cases they may be flagged as a toxic account that no sales representative wants to be assigned,” he says.

CISO 128

CISO CSO Accountability Cybersecurity 128

CSO Magazine

MARCH 24, 2023

"Basically, every organization that uses this tool is at risk of losing their AI models, having an internal server compromised, and having their AWS account compromised," Dan McInerney, a senior security engineer with cybersecurity startup Protect AI, told CSO. To read this article in full, please click here

CSO 111

CSO Authentication Engineering Internet 111

CSO Magazine

MAY 6, 2021

Over the next few days, over 30,000 organizations in the US were attacked as hackers used several Exchange vulnerabilities to gain access to email accounts and install web shell malware , giving the cybercriminals ongoing administrative access to the victims' servers. To read this article in full, please click here

Hacking 116

Hacking CSO Accountability Malware 116

CSO Magazine

DECEMBER 19, 2022

The organizations with the best chance of minimizing threats are those that build and sustain a culture of awareness and accountability. Here are some ways to do that: To read this article in full, please click here

Accountability 111

Accountability Cybersecurity Phishing Technology 111

CSO Magazine

JUNE 21, 2021

. | Sign up for CSO newsletters. ]. Can you, the CISO, or your team in charge of the ITAD, describe how each device provisioned and issued within the company is tracked, the data on the device is accounted for, and when and how that device is removed from the company ecosystem in a way the company and its customers’ data is protected?

CISO 116

CISO Risk CSO Technology 116

CSO Magazine

DECEMBER 14, 2022

Microsoft suspended several accounts on its hardware developer program that signed malicious drivers used by a ransomware group called Cuba to disable endpoint security tools. To read this article in full, please click here In recent attacks, some threat actors have turned to the use of Windows drivers to disable security products."

Accountability 106

Accountability Ransomware Software 106

CSO Magazine

MAY 3, 2023

Google has begun rolling out support for passkeys across Google Accounts on all major platforms, adding a new sign-in option that can be used alongside passwords and two-step verification. To read this article in full, please click here

Accountability 105

Accountability Passwords 105

CSO Magazine

MAY 17, 2023

Researchers from security firm Proofpoint investigated how attackers could abuse access to a Teams account and found some interesting attack vectors that could allow hackers to move laterally by launching further phishing attacks or getting users to download malicious files. To read this article in full, please click here

Accountability 105

Accountability Phishing Risk 105

CSO Magazine

MAY 28, 2021

These efforts recently escalated with an attack launched from a hijacked email marketing account belonging to USAID and targeted around 3,000 people across over 150 organizations in 24 countries. Sign up for CSO newsletters. ]. To read this article in full, please click here

CSO 105

CSO Government Marketing Hacking 105

CSO Magazine

MARCH 7, 2023

Over the past year, a group of attackers has targeted Facebook business account owners by spreading information stealing malware through malicious Google ads or fake Facebook profiles. The attack is designed to steal sensitive information, including login data, cookies, and Facebook ad and business account information."

Accountability 95

Accountability Manufacturing Government Malware 95

CSO Magazine

APRIL 13, 2022

Sign up for CSO newsletters. ]. Murphy, manager of cybersecurity at Schneider Downs, a certified public accounting and business advisory firm, says he once investigated the root cause of a ransomware attack at a company and traced the incident back to a worker who had clicked on an invoice for pickles.

Penetration Testing 95

Penetration Testing CSO Phishing Passwords 95

CSO Magazine

JULY 26, 2022

Helsinki-based cybersecurity vendor WithSecure (formerly F-Secure Business) says it has discovered an operation, dubbed “DUCKTAIL,” that uses social media-based spear phishing attacks to gain access to Facebook Business accounts. Previous attacks targeting Facebook did not target Facebook Business accounts in particular.

Accountability 80

Accountability Malware Media Phishing 80

CSO Magazine

APRIL 7, 2021

If the KRBTGT account password hash is stolen or broken with an attack, the attackers can then grant themselves full access to your network with the necessary authentication. To read this article in full, please click here (Insider Story) Active Directory (AD) uses the KRBTGT in the AD domain for Kerberos tickets.

Passwords 90

Passwords Accountability Authentication 90

Duo's Security Blog

NOVEMBER 20, 2023

“It took nearly 11 months (328 days) to identity and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of Data Breach Report 2023 I recently came across a 2012 article from CSO Online , and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined!

Threat Detection 138

Threat Detection Authentication Accountability Data breaches 138

CSO Magazine

MAY 21, 2021

In early May, fitness company Peloton announced that it had exposed customer account data on the internet. Anyone could access users’ account data from Peloton’s servers, even if the users set their account profiles as private. To read this article in full, please click here (Insider Story)

Accountability 135

Accountability Internet Internet 135

CSO Magazine

JANUARY 5, 2023

The operation is highly automated using CI/CD processes and involves the creation of tens of thousands of fake accounts and the use of stolen or fake credit cards to activate time-limited trials. To read this article in full, please click here

Accountability 87

Accountability 87

CSO Magazine

NOVEMBER 28, 2022

Customer identity and access management (CIAM), a subset of identity access management (IAM), is used to manage authentication and authorization of account creation and login process for public facing applications. To read this article in full, please click here Marketers want to collect data about customers and their devices.

CSO 80

CSO Data collection Marketing Accountability 80

CSO Magazine

JUNE 7, 2021

To read this article in full, please click here (Insider Story) Researchers from cloud security firm Lightspin identified quirks in S3 bucket permissions that appear to be a common source of confusion among administrators.

Accountability 97

Accountability 97

CSO Magazine

JUNE 3, 2021

As Roger Grimes wrote in this article about two-factor hacks three years ago, when MFA is done well it can be effective, but when IT managers take shortcuts it can be a disaster. of compromised accounts did not use MFA at all and only 11% of enterprise accounts are protected by some MFA method.

Hacking 122

Hacking Accountability Authentication 122

CSO Magazine

APRIL 29, 2021

Ransomware, the " perfect crime " of the internet era, is spreading rapidly, growing according to some accounts by 150% or more in 2020. To read this article in full, please click here There are no signs of a slow-down in 2021.

Ransomware 138

Ransomware Internet Internet Accountability 138

CSO Magazine

JULY 7, 2021

However, I wanted to get a head start to see if my domain was vulnerable to attacks that could result in account or domain takeover. To read this article in full, please click here (Insider Story)

Network Security 138

Network Security Accountability Risk 138

Security Boulevard

DECEMBER 5, 2022

A report released by Meta’s security team describes the company’s shutdown of a network of Facebook and Instagram accounts participating in what it calls coordinated inauthentic behavior, and linking some of those accounts to the US military. To read this article in full, please click here. Leer más CSO Online.

Media 74

Media CSO Accountability 74

CSO Magazine

SEPTEMBER 29, 2021

Two-factor authentication (2FA) has been widely adopted by online services over the past several years and turning it on is probably the best thing users can do for their online account security. To read this article in full, please click here

Cybercrime 136

Cybercrime Authentication Passwords Accountability 136

CSO Magazine

MAY 19, 2022

Users of Strapi, a popular headless content management system written entirely in JavaScript and focused on API development, should update their installations as soon as possible to fix two vulnerabilities that could lead to administrative accounts being compromised. To read this article in full, please click here

Accountability 65

Accountability Phishing Passwords Cybersecurity 65

CSO Magazine

SEPTEMBER 22, 2022

While enabling MFA for all accounts is highly encouraged and a best practice, the implementation details matter because attackers are finding ways around it. To read this article in full, please click here It's a simple yet effective technique that has become known as MFA fatigue and was also used in the recent Uber breach.

Authentication 141

Authentication Network Security Accountability 141

CSO Magazine

AUGUST 4, 2021

Cisco also surveyed consumers about how comfortable they feel with using their fingerprints to access online accounts, and 69% said they are very or somewhat comfortable. To read this article in full, please click here

Authentication 136

Authentication Accountability 136

CSO Magazine

SEPTEMBER 23, 2021

The commissioners recognized how the applications and devices did not fall within the scope of the Health Insurance Portability and Accountability Act ( HIPAA ), but the entities should “face accountability when consumers sensitive health information is compromised.” To read this article in full, please click here

Insurance 120

Insurance Accountability 120

CSO Magazine

NOVEMBER 23, 2022

A report released by Meta’s security team describes the company’s shutdown of a network of Facebook and Instagram accounts participating in what it calls coordinated inauthentic behavior, and linking some of those accounts to the US military. To read this article in full, please click here

Media 118

Media Accountability 118

CSO Magazine

MARCH 9, 2022

TA416 (aka RedDelta ) is known to have been targeting Europe for several years using web bugs to profile target accounts, according to a research report by Proofpoint. To read this article in full, please click here

Social Engineering 126

Social Engineering Accountability Engineering Cybersecurity 126

CSO Magazine

APRIL 20, 2022

This has happened as the cybercrime cartels have evolved beyond wire transfer frauds to target market strategies, take over brokerage accounts, and island-hop into banks, according to the report. To read this article in full, please click here

Ransomware 131

Ransomware Banking CISO Cybercrime 131

CSO Magazine

MARCH 2, 2023

Booking.com, one of the world's largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to customer accounts by simply tricking them into clicking a link. To read this article in full, please click here

Accountability 66

Accountability Risk 66

CSO Magazine

NOVEMBER 22, 2021

Account takeovers (due to reused passwords), business email compromises, payment fraud, specialized mobile malware, and spam messages that contain hidden malware or poisoned web links. To read this article in full, please click here That places a heavy burden on any email security solution.

Phishing 127

Phishing Mobile Passwords Malware 127

CSO Magazine

JUNE 23, 2021

With the recent Colonial Pipeline attack , the initial infection point was reportedly an old, unused, but still open VPN account. The VPN account did not have two-factor authentication ( 2FA ) enabled, allowing the attacker to merely log in. To read this article in full, please click here (Insider Story)

VPN 117

VPN Accountability Phishing Authentication 117