A group of European law enforcement agencies broke a cyberthief-created secure messaging app and monitored their discussions in real time. The implications for CISOs: However little you now trust encryption, trust it a lot less.
Read full story
When the US Justice Department unsealed documents on Wednesday revealing the arrests of key Scattered Spider suspects, it showed how easily they were able to cut through the gang's anonymization efforts.
Read full story
NIST wants agencies to move off current encryption by 2035, but analysts say that enterprises cannot wait nearly that long; state actors are expected to achieve quantum at scale by 2028.
Read full story
In statements that some labeled vague and confusing, Microsoft further embraced passkeys — and is decidedly not embracing CISOs who don’t want them.
Read full story
This
CSO piece covers Marriott's settlement with both the Federal Trade Commission and almost every American state to partially close the loop on the fallout from three major data breaches between 2014 and 2020 impacting more than 344 million customers. But the terms of the settlements are worrying some cybersecurity executives.
Read full story
The European Union is now arguing various versions of encryption backdoor rules, but they are not expected to agree on much. Their members, though, are likely to each create their own contradictory rules.
Read full story
This
CSO piece covers a consent decree negotiated between the agency and the telco, T-Mobile also promised to more heavily invest in cybersecurity overall.
Read full story
This
CSO piece covers recent news that Fortra has announced what it dubs a Microsoft security hole. There is no dispute that the privilege escalation issue exists, but there is much argument over whether it's a flaw.
Read full story
This
CSO piece discusses the ability to differentiate bots from humans is becoming increasingly critical. Near infinite scalability of fake AI humans on the cheap makes human impersonation an awfully powerful weapon for bad actors.
Read full story
This
CSO piece examines the latest confirmation from Microsoft. It has finally fixed a vexing glitch that locked Authenticator users out of their accounts — something just about every other authenticator app has avoided since inception.
Read full story
This
CSO piece examines how the Dutch data protection authority is considering pursuing the face recognition company's directors for privacy violations next.
Read full story
This
CSO piece looks at the typical enterprise leveraging a dozen cloud vendors globally, there are plenty of ways for security nightmares to sneak in. Here are a few lesser-known issues that could haunt you.
Read full story
This
CSO piece looks at the unanswered questions regarding CrowdStrike's processes that led to a global Windows outage strike at central issues of trust, transparency, validation, and interdependency for CISOs, which could result in a rethink given the stakes and ease of defection.
Read full story
This
CSO piece looks at how the Microsoft Authenticator experience can go beyond momentary frustration to full-blown panic as end-users become locked out of their accounts. Despite user complaints for years, no fix has been issued, leaving IT experts wondering, 'Why would you pick Microsoft?'
Read full story
This
CSO piece looks into reports identifying a $75 million ransom payment made in March by a Fortune 50 company raise some questions.
Read full story
This
CSO piece looks at an increase in attackers seeking out non-human identities, as ultra-easy onramps to everything of value in your enterprise. The solution? Stop treating NHIs as though they are another human end-user.
Read full story
This
CSO piece looks at the SEC lawsuit against SolarWinds where the court dismissed most of the SEC's charges, the by far most serious charge – securities fraud by both the company and its CISO – survived. CISOs have little reason to celebrate.
Read full story
This
CSO piece looks at how the CISO role is undergoing a sea change, requiring a range of seemingly contradictory skills and experiences. Here's how experts see the role evolving — and how hiring execs assess the blend of "Mother Teresa and a kamikaze pilot," as one CIO puts it, necessary to succeed as a CISO today.
Read full story
This
CSO piece looks at first cybersecurity incident where the Justice Department initially allowed an enterprise to not disclose.
Read full story
This
CSO piece looks at how the service was unsustainable but those in the email deliverability industry expressed mixed feelings about the closure.
Read full story
This
CSO piece looks at how it's not clear how many of the decryption keys are still viable, but it's likely to be a boon for many enterprise victims who did not pay the ransom.
Read full story
This
CSO piece examines how Microsoft has opted not to fix the issue reported by Tenable Research, but many defend that decision, arguing that this should be decided by CISOs based on their environment.
Read full story
This
CSO piece examines the amendments to Regulation S-P requires broker-dealers, investment companies, registered investment advisers, and transfer agents to disclose incidents to customers.
Read full story
This
CSO piece looks at how the US government is moving to address the challenges of quantum computing, cloud strategies, and generative AI, Anthony Blinken said in a speech that was light on specifics.
Read full story
This
CSO piece examines Marriot's revelation in a court case around a massive 2018 data breach that it had been using secure hash algorithm 1 and not the much more secure AES-1 encryption as it had earlier maintained.
Read full story
This
CSO piece examines how the decision puts pressure on CISOs and those crafting SEC filings as wording could be judged as "half-truths" and considered misleading.
Read full story
This
CSO piece looks at how generative AI can create fake documents and personal histories that fool common know-your-customer authentication practices.
Read full story
This
CSO piece looks at existing cloud security practices, platforms, and tools that will only go so far in protecting organizations from threats inherent to the use of AI's large language models.
Read full story
This
CSO piece answers the question: New accountant certification rules starting January 2024 could deliver many new cybersecurity-trained accountants. Is this good or bad news for CISOs?
Read full story
This
CSO story looks at how CISOs could find themselves in a painful Catch-22 situation when the US Securities and Exchange Commission's new cybersecurity rules are enacted in December.
Read full story
This
CSO story looks at cyber criminals leveraging improved capabilities and vulnerabilities introduced during the COVID crisis to improve the efficiency of their attacks.
Read full story