CSO Online
CSO offers the latest information and best practices on business continuity and data protection, best practices for prevention of social engineering scams, malware and breaches, and tips and advice about security careers and leadership. CSO serves enterprise security decision-makers and users with the critical information they need to stay ahead of evolving threats and defend against criminal…
13h ago
Researchers warn that thousands of servers have been compromised over the past seven months because of lack of authentication by default in an open-source compute framework called Ray, which is used to distribute machine learning and AI workloads. The framework’s developers don’t recognize the lack of built-in authentication as a vulnerability since it’s an intentional and documented design decision, but this hasn’t stopped organizations from exposing deployments to the internet.
“Thousands of companies and servers running AI infrastructure are exposed to the attack through a critical vulner…
13h ago
Iran launched its own campaign targeting Israel as the war commenced on October 7. Initially, Iran’s efforts were reactive, and its influence campaign focused on disseminating misleading information.
Iranian and Iran-affiliated groups quickly grew more coordinated in their efforts, adding targeted cyberattacks to compound the confusion and mayhem about the situation on the ground. As time has worn on, this two-pronged approach is expanding its reach worldwide to involve more nations and impact the global dialogue about the ongoing conflict.
The evolving nature of Iran’s campaign presents both…
21h ago
Cybersecurity preparedness and financial success are strongly correlated, with companies that maintain strong security measures outperforming peers with only basic defenses by as much as 372% in shareholder returns, according to a report by Diligent and Bitsight.
The report, which analyzed data from more than 4,000 global companies, found that over a three-year period, the average total shareholder return for companies with advanced security performance ratings was 67%, compared to 14% for companies with only basic ratings.
Over a period of five years, companies in the advanced performance r…
21h ago
Cyberattacks on utilities more than doubled from 2020 to 2022. It’s likely the case that the rapid growth of connected assets is outstripping security capabilities. One analyst firm predicts that by 2026, industrial organizations will have more than 15 billion new and legacy assets connected to the cloud, internet, and 5G.
Security and IT leaders at utilities should consider a Zero Trust approach as they confront this threat. Zero Trust is a popular cybersecurity strategy that eradicates implicit trust and continuously validates every stage of a digital interaction. It’s a practical and help…
21h ago
In a revelation stemming from a recently unsealed court document, Meta, formerly Facebook, is being sued by a group of advertisers for its alleged secret project, “Project Ghostbusters,” a moniker seemingly inspired by Snapchat’s ghost logo. This project raises concerns about digital espionage and competition tactics.
The crux of the matter, as outlined in the court filing, revolves around Meta’s In-App Action Panel (IAAP) program, which was active between June 2016 and May 2019. “The IAAP program, launched at the request of Mark Zuckerberg (CEO of Meta), used a cyberattack method called ‘SS…
1d ago
When someone asks a CISO, “Are you okay,” it’s more than just a polite inquiry. It’s an acknowledgment of the visible strain that our intense, high-stakes environment can have on us. This question, especially coming from colleagues in non-technical roles, often reflects their observation of the weariness and preoccupation that our challenging role can imprint on us.
Every day in the life of a CISO involves a relentless stream of challenges: staying ahead of evolving cyber threats, aligning security strategies with business and IT goals, and managing crises that demand immediate and effective…
2d ago
A platform called Top.gg that’s used to publish bots for the popular Discord chat app recently had one of its GitHub repositories poisoned with malicious code as part of a larger software supply chain attack. The incident highlights the snowball effect that even one malicious package dependency could have in the larger open-source ecosystem.
“This campaign is a prime example of the sophisticated tactics employed by malicious actors to distribute malware through trusted platforms like PyPI and GitHub,” researchers from application and supply chain security firm Checkmarx said in an analysis o…
2d ago
If you hear the term “microbranch,” you probably picture a small banking location with a handful of ATMs. For many years, this term was specific to the financial industry, but as remote work and internet-connected devices have grown more common, the definition has evolved to include any small remote office associated with a larger corporation. This could be a home office, a shared workspace for a handful of employees, or a remote industrial location.
Modern enterprises must protect and manage hundreds of sites, including data centers and high-traffic branches, and address pressing needs like…
2d ago
Telesign, a customer identity and engagement solutions provider, has integrated multiple user verification channels into a unified, silent verification offering, Verify API, to help organizations defend themselves against cyber fraud.
The “omnichannel API” will help integrate seven commonly preferred authentication channels, including SMS, Silent Verification, Push, Email, WhatsApp, Viber, and RCS (Rich Communication Services).
“In today’s digital economy, fraud is prevalent in every corner, and safeguarding end-users from potential online threats is more important than ever,” said Chris Ste…
2d ago
Nearly every organization in the world depends on software as a service (SaaS). Medium- to large-sized companies can have more than 130 SaaS applications and for those employing more than 10,000 people, that number might exceed 400. When data is stored in so many places and handled by many parties, it’s not uncommon for security issues to arise, especially if the contracts with the providers have not been negotiated properly.
It recently happened to Bloomtech co-founder Austen Allred, who found himself unable to export his company’s data from Slack without agreeing to a new, costly contract…