SEC investigators gathered evidence that Unisys Corp., Avaya Holdings, Check Point Software Technologies, and Mimecast Limited each minimized or obscured the extent of security breaches linked to the SolarWinds Orion hack, impacting investor trust and highlighting the critical importance of clear, truthful communication.
One of the most striking revelations in the report: 52% of organizations now report that the CISO/CSO is responsible for OT cybersecurity, up from just 16% in 2022. "This trend reflects increasing awareness of OT cyber risk and the need for executive-level accountability," Fortinet notes.
Check out the U.S. and the U.K. government’s latest call for developers to use memory-safe programming languages, as well as its warning for cybersecurity teams regarding cyber risk from hackers tied to Iran. Plus, get the latest on ransomware trends, the quantum computing cyber threat and more!
The Relevance of Privacy-Preserving Techniques and Generative AI to DORA Legislation (madhav, Tue, 10/29/2024 - 04:55). The increasing reliance on digital technologies has created a complex landscape of risks, especially in critical sectors like finance. The world has changed.
Check out best practices, recommendations and insights on protecting your cloud environments, OT systems, software development processes and more. The report's findings are based on risk and vulnerability assessments (RVAs) of the security of 143 critical infrastructure organizations that CISA and the U.S. Coast Guard conducted in 2023.
The U.S. government is urging software makers to adopt secure application-development practices that help prevent buffer overflow attacks. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) called buffer overflow vulnerabilities unforgivable defects that put national and economic security at risk.
“Modern systems are often interconnected via embedded wireless access, cloud and other internet-connected services, and software-as-a-service (SaaS) applications,” reads the 64-page white paper, which was published this week. for tech startups: Be aware of threat vectors, including malicious insiders, insecure IT and supply chain risk.
In this post, Tenable CSO Robert Huber shares practical advice on using an exposure management program to focus on risks that have business impact. It's a fairly simple trick of the mind: thinking that every risk deserves urgent attention. But I've learned the hard way that not all risks are created equal.
In this blog, I’m exploring these changes, grouped under key categories that I’ve used in previous years, to help business leaders and cyber risk owners better prepare for the evolving landscape. Critical infrastructure faces heightened risk from targeted disruptions, as do small businesses, which are the backbone of the economy.
KrebsOnSecurity reviewed the Web sites for the global top 100 companies by market value, and found just five percent of top 100 firms listed a chief information security officer (CISO) or chief security officer (CSO). Not that these roles are somehow more or less important than that of a CISO/CSO within the organization.
Andy Ellis, the CSO of Akamai, gave a great talk about the psychology of risk at the Business of Software conference this year. I've written about this before.
Let’s walk through some practical steps organizations can take today, implementing zero trust and remote access strategies to help reduce ransomware risks: • Obvious, but difficult – get end users to stop clicking unknown links and visiting random websites that they know little about, an educational challenge. Best practices.
Any lingering indifference to cybersecurity risk has evaporated in the face of spiking ransomware attacks, software supply chain threats , and the challenges of securing remote workers. Unsurprisingly, half of those surveyed said they had seen an increase in security incidents at their organizations over the past year.
Software composition analysis definition: Software composition analysis (SCA) refers to obtaining insight into what open-source components and dependencies are being used in your application, and how, all in an automated fashion.
Known vulnerabilities, compromise of legitimate packages, and name confusion attacks are expected to be among the top ten open source software risks in 2023, according to a report by Endor Labs.
The two bad practices are: use of unsupported (or end-of-life) software, and use of known/fixed/default passwords and credentials. They are so broad in their “badness,” however, that any organization should take notice and ensure they are not doing them.
A lack of cohesion between software development teams and cybersecurity functions compounds the software supply chain risks faced by organizations, making it all the more urgent for cybersecurity leaders and their teams to better engage with and educate developers.
The incident prompted warnings from CISA and other national CERTs and led to renewed discussion about security and the open-source software ecosystem and how developers consume and track their use of open-source components.
The release is reflective of a wider industry trend of emerging standards and initiatives designed to tackle risks surrounding the software supply chain and DevOps tools. ggcanary features “highly sensitive” intrusion detection.
As the fallout from the Apache Log4J vulnerabilities earlier this year shows, the biggest risks in enterprise software today are not necessarily with insecure code written directly by in-house software development teams. Modern software today is modular.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance this week following the compromise of the SolarWinds software that affected thousands of entities across the United States and beyond.
The risk of cybercrime is not spread equally across the globe. Cyberthreats differ widely, with internet users in some countries at much higher risk than those in nations that offer more security due to strong cybercrime legislation and widely implemented cybersecurity programs, according to fraud-detection software company SEON.
This week: Former Uber CSO is convicted for his attempted cover-up of a 2016 hack of the company. Also: A software supply chain attack has pushed out malware to at least 250 media sites.
The Cybersecurity and Infrastructure Security Agency (CISA) formed the Information and Communications Technology (ICT) Supply Chain Risk Management task force in an effort to unite public and private entities with the goal of developing an actionable strategy to enhance supply chain security.
[Tel Aviv, Israel – March 16, 2022] – Researchers from Cider Security, the world’s first AppSec Operating System, today published a new research report, “Top 10 CI/CD Security Risks”, detailing the major security risks to the CI/CD (Continuous Integration/Continuous Delivery) ecosystem.
Open-source security has been high on the agenda this year, with a number of initiatives, projects, and guidance launched in 2022 to help improve the cyber resiliency of open-source code, software and development. Wheeler, director of open-source supply chain security at the Linux Foundation, tells CSO.
As CSOs, we have to protect the business and reduce risk, however in a series B startup that makes security-based products and services, I know my role is different. If I worked in a company that was making gaming software, the expectations of my role wouldn’t be […].
In an attempt to get ahead of fallout from the exposure of its private SSH key in a public repository, the software development platform GitHub proactively rotated its host key last week. “Out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com,” GitHub CSO and SVP.
The FBI, CISA and the United States Coast Guard Cyber Command (CGCYBER) urge organizations that use the product to deploy the available patch as soon as possible and check their systems for signs of compromise.
The way build artifacts are stored by the GitHub Actions platform could enable attackers to inject malicious code into software projects with CI/CD (continuous integration and continuous delivery) workflows that don’t perform sufficient filtering when downloading artifacts.
The Inspector General's report summarizes the IRS and its IT environment like this: "The reliance on legacy systems, aged hardware and software, and use of outdated programming languages poses significant risks, including increased cybersecurity threats and maintenance costs." And how many legacy systems do we have?
Open-source software (OSS) has become a mainstay of most applications, but it has also created security challenges for developers and security teams, challenges that may be overcome by the growing "shift left" movement, according to two studies released this week.
It found that hard-coded secrets and accelerating secrets sprawl (storing secrets in many different places) are threatening the security of software supply chains. Hard-coded secrets pose significant security risks because they are often stored in plain text, making it easier for attackers to extract them from source code.
The two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains, according to a report by Sysdig.
At the end of March, an international VoIP software company called 3CX with over 600,000 business customers suffered a serious software supply-chain compromise that resulted in both its Windows and macOS applications being poisoned with malicious code.
Once the bailiwick of Hollywood special effects studios and intelligence agencies producing propaganda, like the CIA or GCHQ's JTRIG directorate, today anyone can download deepfake software and create convincing fake videos in their spare time.
Software development platform GitHub has made its Advisory Database open to community contributions allowing anyone to contribute insight and intelligence on security vulnerabilities to help improve software supply chain security. Millions of developers and companies use GitHub to build, ship and maintain software.
Caz-bees first took shape as a cottage industry circa 2013 to 2014 in response to a cry for help from companies reeling from new Shadow IT exposures: the risk created by early-adopter employees, quite often the CEO, insisting on using the latest smartphone and Software-as-a-Service tools, without any shred of security vetting.
I had the chance at RSA 2019 to visit with George Wrenn, founder and CEO of CyberSaint Security, a cybersecurity software firm that plays directly in this space. Prior to launching CyberSaint, Wrenn was CSO of Schneider Electric, a supplier of technologies used in industrial control systems. and the upcoming NIST Privacy Framework.
In this Spotlight episode of the Security Ledger podcast, I interview Richard Bird, the CSO of the firm Traceable AI, about the challenge of securing application programming interfaces (APIs), which are increasingly being abused to steal sensitive data.
Advisory and professional services giant PwC UK is partnering with security firm ReversingLabs to develop a third-party risk management (TPRM) platform to help businesses address software supply chain security risks. Software supply chain risks pose complex and ongoing challenges for businesses across the globe.
The Federal Trade Commission (FTC) issued a warning to companies to remediate the serious vulnerability in the popular open-source Java logging package Log4j to avoid future legal action. In issuing its notice, the FTC underscored that organizations have legal obligations “to take reasonable steps to mitigate known software vulnerabilities.”
Everyone knows the phrase “software is eating the world” by Marc Andreessen from over a decade ago. Software powers and touches nearly every aspect of modern society, both personally and professionally, and is critical to the modern economy and national security.
It has been said that every business is a software business. Becoming a software business entails both rewards and risks. The reward is a competitive edge; the risks are often misunderstood and poorly managed at the highest levels of leadership. Software is the enabler. But what does that mean?