Accountability, Article, CSO and Cybersecurity

BrandPost: Why a Culture of Awareness and Accountability Is Essential to Cybersecurity

CSO Magazine

DECEMBER 19, 2022

Effective cybersecurity relies only in part on technology. The organizations with the best chance of minimizing threats are those that build and sustain a culture of awareness and accountability. Here are some ways to do that: To read this article in full, please click here

Accountability

Accountability Cybersecurity Phishing Technology

GAO report faults CIOs, OMB for slow adoption of cybersecurity recommendations

CSO Magazine

AUGUST 3, 2021

The US General Accountability Office (GAO) issued the 19-page report , “Cybersecurity and Information Technology: Federal Agencies need to Strengthen Efforts to Address High-Risk Areas” on July 29. Learn 12 tips for effectively presenting cybersecurity to the board and 6 steps for building a robust incident response plan.

CSO

CSO Cybersecurity Government Accountability

CSO's ultimate guide to security and privacy laws, regulations, and compliance

CSO Magazine

JANUARY 28, 2021

CSO's ultimate guide to security and privacy laws, regulations, and compliance Security and privacy laws, regulations, and compliance: The complete guide This directory includes laws, regulations and industry guidelines with significant security and privacy impact and requirements. Health Insurance Portability and Accountability Act (HIPAA).

CSO

CSO Financial Services Consumer Protection Data privacy

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Critical flaw in AI testing framework MLflow can lead to server and data compromise

CSO Magazine

MARCH 24, 2023

"Basically, every organization that uses this tool is at risk of losing their AI models, having an internal server compromised, and having their AWS account compromised," Dan McInerney, a senior security engineer with cybersecurity startup Protect AI, told CSO. To read this article in full, please click here

CSO

CSO Authentication Engineering Internet

Secrets to building a healthy CISO-vendor partnership

CSO Magazine

MAY 3, 2022

Effective partnerships between CISOs and their cybersecurity vendors are integral to security success. A well-oiled relationship built on trust, communication and mutual understanding can reap significant benefits for a business’s cybersecurity posture. To read this article in full, please click here

CISO

CISO CSO Cybersecurity Accountability

New Facebook malware targets business accounts

CSO Magazine

JULY 26, 2022

Helsinki-based cybersecurity vendor WithSecure (formerly F-Secure Business) says it has discovered an operation, dubbed “DUCKTAIL,” that uses social media-based spear phishing attacks to gain access to Facebook Business accounts. Previous attacks targeting Facebook did not target Facebook Business accounts in particular.

Accountability

Accountability Malware Media Phishing

Who is your biggest insider threat?

CSO Magazine

APRIL 13, 2022

Penetration testing has shown cybersecurity manager David Murphy just how problematic people can be. Learn 8 pitfalls that undermine security program success and 12 tips for effectively presenting cybersecurity to the board. Sign up for CSO newsletters. ]. Sign up for CSO newsletters. ].

Penetration Testing

Penetration Testing CSO Phishing Passwords

The 7 best password managers for business

CSO Magazine

AUGUST 30, 2021

Enterprise-class password managers have become one of the easiest and most cost-effective ways to help employees lock down their online accounts. Learn 12 tips for effectively presenting cybersecurity to the board and 6 steps for building a robust incident response plan. Sign up for CSO newsletters. ].

Password Management

Password Management Passwords CSO Accountability

BrandPost: It’s Time to Create More Opportunities for Women in Cybersecurity

CSO Magazine

MARCH 3, 2023

Undoubtedly, our industry needs to create more initiatives to attract a more diverse group of professionals—including women—to STEM-focused careers like cybersecurity. While women make up nearly 50% of the world’s population, they only account for an estimated 24% of the cybersecurity workforce.

Cybersecurity

Cybersecurity Accountability

Guardz debuts with cybersecurity-as-a-service for small businesses

CSO Magazine

JANUARY 31, 2023

Guardz, a Tel Aviv-based startup promising a broad range of out-of-the-box cybersecurity solutions for small and medium-size businesses (SMBs), has announced both a successful $10 million round of seed funding and the broad availability of its flagship product. To read this article in full, please click here

Small Business

Small Business Cybersecurity Threat Detection Accountability

GAO calls out US government agencies: Get your supply chain security act together

CSO Magazine

JUNE 8, 2021

In December 2020, the US Government Accounting Office (GAO) made 145 recommendations to 23 federal agencies relating to supply chain risks. In May 2021, the GAO’s director of information technology and cybersecurity, Vijay A. Get the latest from CSO by signing up for our newsletters. ].

Government

Government CSO Risk Accountability

Uber responding to “cybersecurity incident” following reports of significant data breach

CSO Magazine

SEPTEMBER 16, 2022

Ride-hailing giant Uber has confirmed that it is responding to a cybersecurity incident as reports emerge that the firm has suffered a significant network data breach forcing it to shut down several internal communications and engineering systems. Attacker announces Uber breach through compromised Slack account.

Data breaches

Data breaches Cybersecurity Accountability Engineering

Millennials and Gen Z less likely to observe cybersecurity protocols than their elders

CSO Magazine

OCTOBER 18, 2022

Millennials and Gen Z employees in the US are much less likely to prioritize or adhere to cybersecurity protocols than their older Gen X and Baby Boomer counterparts, according to a recent survey by EY Consulting. To read this article in full, please click here

Cybersecurity

Cybersecurity Passwords Accountability

Two account compromise flaws fixed in Strapi headless CMS

CSO Magazine

MAY 19, 2022

Users of Strapi, a popular headless content management system written entirely in JavaScript and focused on API development, should update their installations as soon as possible to fix two vulnerabilities that could lead to administrative accounts being compromised. To read this article in full, please click here

Accountability

Accountability Phishing Passwords Cybersecurity

IT asset disposal is a security risk CISOs need to take seriously

CSO Magazine

JUNE 21, 2021

Learn 12 tips for effectively presenting cybersecurity to the board and 6 steps for building a robust incident response plan. Sign up for CSO newsletters. ]. To read this article in full, please click here

CISO

CISO Risk CSO Accountability

SolarWinds attacker Nobelium targets over 150 companies in new mass email campaign

CSO Magazine

MAY 28, 2021

These efforts recently escalated with an attack launched from a hijacked email marketing account belonging to USAID and targeted around 3,000 people across over 150 organizations in 24 countries. Learn 12 tips for effectively presenting cybersecurity to the board and 6 steps for building a robust incident response plan.

CSO

CSO Government Marketing Hacking

AWS launches new cybersecurity service Amazon Security Lake

CSO Magazine

NOVEMBER 30, 2022

Amazon Web Services (AWS) has launched a new cybersecurity service, Amazon Security Lake, which automatically centralizes security data from cloud and on-premises sources into a purpose-built data lake in a customer’s AWS account, the company said in a statement. To read this article in full, please click here

Cybersecurity

Cybersecurity Accountability Risk

CISO’s Guide to Presenting Cybersecurity to Board Directors

CyberSecurity Insiders

MARCH 30, 2023

Seasoned CISOs/CSOs understand the importance of effectively communicating cyber risk and the need for investment in cybersecurity defense to the board of directors. To ensure cybersecurity becomes a strategic part of the corporate culture, it is crucial for CISOs to present the topic in a clear, concise, and compelling manner.

Cybersecurity

Cybersecurity Cyber Risk CISO Risk

Concentric launches new data privacy and cybersecurity solution Eclipse

CSO Magazine

JULY 12, 2022

Private risk consultancy firm Concentric has announced the launch of Eclipse, a new “turnkey solution” designed to provide enhanced cybersecurity and digital privacy to users. In a press release , Concentric stated that Eclipse packages are available to all users in three different tiers: To read this article in full, please click here

Data privacy

Data privacy Cybersecurity Cybercrime Accountability

Let’s pump the brakes on the rush to incorporate AI into cybersecurity

CSO Magazine

APRIL 5, 2023

To read this article in full, please click here To some, recent AI developments are a laughing matter. In reality, it was an April fool’s prank with MITRE’s social media team cranking out funny answers in the guise of a chatbot.

Artificial Intelligence

Artificial Intelligence Media Cybersecurity Accountability

Attacker uses the Azure Serial Console to gain access to Microsoft VM

CSO Magazine

MAY 17, 2023

Financially motivated threat actor UNC3944 is using phishing and SIM swapping attacks to take over Microsoft Azure admin accounts and gain access to virtual machines (VM), according to cybersecurity firm Mandiant. To read this article in full, please click here UNC3944 has been active since May 2022.

Accountability

Accountability Phishing Software Cybersecurity

Android-based banking Trojan Nexus now available as malware-as-a-service

CSO Magazine

MARCH 24, 2023

Italian cybersecurity firm Cleafy has found “Nexus”, a new Android Trojan capable of hijacking online accounts and siphoning funds from them, to be targeting customers from 450 banks and cryptocurrency services worldwide. To read this article in full, please click here

Banking

Banking Malware Cryptocurrency Accountability

Google Cloud launches Cryptomining Protection Program

CSO Magazine

JUNE 8, 2023

According to Google Cybersecurity Action Team (GCAT) September 2022 Threat Horizons Report , threat actors frequently targeted weak and default passwords to access Google Cloud accounts. Once inside the compromised cloud accounts, they performed cryptomining 65% of the time. To read this article in full, please click here

Accountability

Accountability Passwords Cybersecurity

Microsoft Office 365 AitM phishing reveals signs of much larger BEC campaign

CSO Magazine

JUNE 14, 2023

Researchers investigating an Office 365 account compromise resulting from an adversary-in-the-middle (AitM) phishing attack found evidence of a much larger global attack campaign that spans the past year and is possibly tied to an infostealer malware called FormBook. "In To read this article in full, please click here

Phishing

Phishing Accountability Malware Cybersecurity

China-aligned APT renews cyberattack on European diplomats, as war rages

CSO Magazine

MARCH 9, 2022

Proofpoint cybersecurity researchers have identified ramped-up activities by China-aligned APT (advanced persistent threat) actor TA416, targeting European diplomatic entities as the war between Russia and Ukraine intensifies. To read this article in full, please click here

Social Engineering

Social Engineering Accountability Engineering Cybersecurity

GitHub begins 2FA rollout for code contributors

CSO Magazine

MARCH 9, 2023

GitHub has begun its official rollout of two-factor authentication (2FA) for developers who contribute code to the platform to enhance the security of accounts and the software supply chain. To read this article in full, please click here

Mobile

Mobile Software Authentication Accountability

Wells Notice Against SolarWinds CISO Could Be First of Its Kind

SecureWorld News

JUNE 26, 2023

According to a SolarWinds spokesperson quoted in the CNN article: "We are cooperating in a long investigative process that seems to be progressing to charges by the SEC against our company and officers. While these Wells Notices are official investigations, they are a sign of a potential intent to investigate the CISO and CFO.

CISO

CISO CSO Data privacy Cyber Risk

BrandPost: Improving Cyber Hygiene with Multi-Factor Authentication and Cyber Awareness

CSO Magazine

DECEMBER 2, 2022

Using multi-factor authentication (MFA) is one of the key components of an organizations Identity and Access Management (IAM) program to maintain a strong cybersecurity posture. This is a primary reason why MFA was a key topic for this year’s cybersecurity awareness month. To read this article in full, please click here

Authentication

Authentication Accountability Cybersecurity

Attackers set up rogue GitHub repos with malware posing as zero-day exploits

CSO Magazine

JUNE 14, 2023

The attacker also created fake GitHub and Twitter accounts posing as security researchers and even used real photos of researchers from well-known cybersecurity firms. To read this article in full, please click here

Malware

Malware Accountability Cybersecurity

GAO warns government agencies: focus on IoT and OT within critical infrastructure

CSO Magazine

DECEMBER 15, 2022

The US Government Accounting Office (GAO) continues to highlight shortcomings in the cybersecurity posture of government entities responsible for the protection of United States infrastructure when it comes to internet of things (IoT) and operational technology (OT) devices and systems. To read this article in full, please click here

IoT

IoT Government Internet Internet

4 steps to better security hygiene and posture management

CSO Magazine

APRIL 9, 2021

As the old security adage goes, “a well-managed network/system is a secure network/system," and this notion of network and system management is a cybersecurity foundation. NIST Cybersecurity framework), international standard (e.g., To read this article in full, please click here Pick any framework (e.g.,

Cybersecurity

Cybersecurity Accountability

Cybercriminals are increasingly using info-stealing malware to target victims

CSO Magazine

NOVEMBER 25, 2022

The cybersecurity company has identified 34 Russian-speaking groups distributing info-stealing malware under the stealer-as-a-service model. To read this article in full, please click here This data is then sold or used for fraud on the dark web.

Malware

Malware Scams Banking Media

Unpatched old vulnerabilities continue to be exploited: Report

CSO Magazine

MARCH 2, 2023

The report is based on Tenable Research team’s analysis of cybersecurity events, vulnerabilities and trends throughout 2022, including an analysis of 1,335 data breach incidents publicly disclosed between November 2021 and October 2022. billion records were exposed, which accounted for 257 terabytes of data.

Data breaches

Data breaches Accountability Cybersecurity

SentinelOne to buy Attivo Networks for $617M, bringing ID-based security to XDR platform

CSO Magazine

MARCH 15, 2022

In a move designed to bolster its XDR (extended detection and response) platform, Singularity, to defend against the latest cybersecurity threats, endpoint security vendor SentinelOne plans to acquire IAM (identity and access management) provider Attivo Networks for $616.5 To read this article in full, please click here

Accountability

Accountability Cybersecurity

BrandPost: The Zero-Trust Pillars of Security

CSO Magazine

JULY 7, 2022

According to the NIST , “Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. To read this article in full, please click here

Architecture

Architecture Accountability Cybersecurity

How attackers sidestep the cyber kill chain

CSO Magazine

MARCH 7, 2022

"The cyber kill chain was a great way to break down the classic steps in a breach," says Michael Salihoglu, cybersecurity managing consultant at Crowe, a public accounting, consulting, and technology firm. To read this article in full, please click here

Accountability

Accountability Technology Malware Cybersecurity

Trellix, Netskope announce new Amazon Security Lake support to enhance threat detection, remediation

CSO Magazine

MAY 31, 2023

Cybersecurity vendors Trellix and Netskope have announced new support for Amazon Security Lake from AWS, which became generally available on May 30. The service automatically centralizes security data from cloud and on-premises sources into a purpose-built data lake in a customer’s AWS account.

Threat Detection

Threat Detection Accountability Cybersecurity

Beyond Awareness: How to Cultivate the Human Side of Security

CyberSecurity Insiders

MAY 16, 2022

By Amanda Fennell, CSO and CIO, Relativity. Security programs must shoulder accountability for setting employees in different roles up for success. Effective learning management systems are available that take into account the human attention span. But tools and processes alone are two variables in an incomplete equation.

CSO

CSO Passwords Password Management Accountability

BrandPost: Deconstructing Identity Security

CSO Magazine

MARCH 22, 2023

Most companies now recognize the serious and insidious nature of cybersecurity threats. To read this article in full, please click here This surge in identities has exponentially increased the likelihood of cyberattacks, undercutting the effectiveness of traditional identity and access management (IAM) paradigms.

Cloud Migration

Cloud Migration Digital transformation Authentication Passwords

Cisco admits hack on IT network, links attacker to LAPSUS$ threat group

CSO Magazine

AUGUST 11, 2022

IT, networking, and cybersecurity solutions giant Cisco has admitted suffering a security incident targeting its corporate IT infrastructure in late May 2022. To read this article in full, please click here

Hacking

Hacking Accountability Cybersecurity

Safe Security debuts two free risk assessment tools for businesses

CSO Magazine

AUGUST 16, 2022

Cybersecurity risk assessment company Safe Security on Tuesday rolled out two new online risk assessment tools for businesses to use, in order to help them understand their vulnerability to cyberattacks and the costs of insuring against them. To read this article in full, please click here

Risk

Risk Cyber Insurance Insurance Data breaches

BrandPost: How to Improve Security with a Zero Trust Approach

CSO Magazine

SEPTEMBER 13, 2022

According to the NIST , “Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. To read this article in full, please click here

Architecture

Architecture Accountability Technology Cybersecurity

BrandPost: Everything SMBs Need to Know About Ransomware in 2021

CSO Magazine

AUGUST 13, 2021

But did you know small and medium-size businesses (SMBs) account for at least half of all ransomware attacks, if not closer to two-thirds, according to the U.S. First, it comes down to sheer numbers: SMBs are the heart of most economies, accounting for 90% of businesses worldwide and representing over 50% of employment.

Ransomware

Ransomware Digital transformation Insurance Encryption

Notification no-nos: What to avoid when alerting customers of a breach

SC Magazine

JUNE 11, 2021

For instance, Winick cited a 2017 New York Post article that suggested credit rating company Equifax had blamed its software vendor for a major breach, “thus violating another crisis communications commandment of ‘Be accountable.’” To borrow from the U.S.

Data breaches

Data breaches Media Identity Theft CSO

BrandPost: Why a Culture of Awareness and Accountability Is Essential to Cybersecurity

GAO report faults CIOs, OMB for slow adoption of cybersecurity recommendations

Webinars

Trending Sources

CSO's ultimate guide to security and privacy laws, regulations, and compliance

Webinars

Critical flaw in AI testing framework MLflow can lead to server and data compromise

Secrets to building a healthy CISO-vendor partnership

New Facebook malware targets business accounts

Who is your biggest insider threat?

The 7 best password managers for business

BrandPost: It’s Time to Create More Opportunities for Women in Cybersecurity

Guardz debuts with cybersecurity-as-a-service for small businesses

GAO calls out US government agencies: Get your supply chain security act together

Uber responding to “cybersecurity incident” following reports of significant data breach

Millennials and Gen Z less likely to observe cybersecurity protocols than their elders

Two account compromise flaws fixed in Strapi headless CMS

IT asset disposal is a security risk CISOs need to take seriously

SolarWinds attacker Nobelium targets over 150 companies in new mass email campaign

AWS launches new cybersecurity service Amazon Security Lake

CISO’s Guide to Presenting Cybersecurity to Board Directors

Concentric launches new data privacy and cybersecurity solution Eclipse

Let’s pump the brakes on the rush to incorporate AI into cybersecurity

Attacker uses the Azure Serial Console to gain access to Microsoft VM

Android-based banking Trojan Nexus now available as malware-as-a-service

Google Cloud launches Cryptomining Protection Program

Microsoft Office 365 AitM phishing reveals signs of much larger BEC campaign

China-aligned APT renews cyberattack on European diplomats, as war rages

GitHub begins 2FA rollout for code contributors

Wells Notice Against SolarWinds CISO Could Be First of Its Kind

BrandPost: Improving Cyber Hygiene with Multi-Factor Authentication and Cyber Awareness

Attackers set up rogue GitHub repos with malware posing as zero-day exploits

GAO warns government agencies: focus on IoT and OT within critical infrastructure

4 steps to better security hygiene and posture management

Cybercriminals are increasingly using info-stealing malware to target victims

Unpatched old vulnerabilities continue to be exploited: Report

SentinelOne to buy Attivo Networks for $617M, bringing ID-based security to XDR platform

BrandPost: The Zero-Trust Pillars of Security

How attackers sidestep the cyber kill chain

Trellix, Netskope announce new Amazon Security Lake support to enhance threat detection, remediation

Beyond Awareness: How to Cultivate the Human Side of Security

BrandPost: Deconstructing Identity Security

Cisco admits hack on IT network, links attacker to LAPSUS$ threat group

Safe Security debuts two free risk assessment tools for businesses

BrandPost: How to Improve Security with a Zero Trust Approach

BrandPost: Everything SMBs Need to Know About Ransomware in 2021

Notification no-nos: What to avoid when alerting customers of a breach

Stay Connected