This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-16T22:14:29+00:00 www.secnews.physaphae.fr CSO - CSO Daily Dashboard 2023 State of Enterprise DFIR survey by Magnet Forensics, a developer of digital investigation solutions.The firm surveyed 492 DFIR professionals in North America and Europe, the Middle East, and Africa working in organizations in industries such as technology, manufacturing, government, telecommunications, and healthcare. Respondents described the current cybercrime landscape as one that is evolving beyond ransomware and taking a toll on their ability to investigate threats and incidents, Magnet Forensics said.To read this article in full, please click here]]> 2023-02-16T06:15:00+00:00 https://www.csoonline.com/article/3688228/evolving-cyberattacks-alert-fatigue-creating-dfir-burnout-regulatory-risk.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8310848 False Ransomware,Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-02-14T02:00:00+00:00 https://www.csoonline.com/article/3687733/measuring-cybersecurity-the-what-why-and-how.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8309976 False Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard 3.4 million people are needed to fill the global cybersecurity workforce gap, it's no surprise that CISOs feel that they need more staff to safeguard their networks, let alone focus on more strategic priorities. And nearly 70% of leaders say this skills gap creates additional cyber risks for their business.  To read this article in full, please click here]]> 2023-02-09T08:46:00+00:00 https://www.csoonline.com/article/3687611/embrace-this-opportunity-to-attract-new-cybersecurity-talent.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8308600 False Guideline None 1.00000000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-02-09T02:00:00+00:00 https://www.csoonline.com/article/3687180/how-to-unleash-the-power-of-an-effective-security-engineering-team.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8308508 False Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard IoT, the number and diversity of devices that have to be managed by endpoint security tools is on the rise. As a consequence, the number of available tools to manage them has also risen.An ESG survey of 380 security professionals in North America, commissioned by cybersecurity company Syxsense, showed that companies using larger numbers of different tools to manage their endpoints had larger proportions of unmanaged endpoints, compared to those with fewer. Put simply, the complexity of the current-day device environment is leading to worse security, according to the research.To read this article in full, please click here]]> 2023-02-08T07:01:00+00:00 https://www.csoonline.com/article/3687140/growing-number-of-endpoint-security-tools-overwhelm-users-leaving-devices-unprotected.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8308294 False Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard Sundaram Lakshmanan, Chief Technology Officer, Lookout We live in an age where hybrid work and bring-your-own-device (BYOD) programs have become the norm. The result is that you're tasked with protecting your data in an environment that's far more complex than in the past.   To read this article in full, please click here]]> 2023-02-08T05:08:00+00:00 https://www.csoonline.com/article/3687217/how-do-you-protect-your-data-in-the-age-of-hybrid-work.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8308261 False Guideline None 1.00000000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-02-02T03:50:00+00:00 https://www.csoonline.com/article/3687089/foreign-states-already-using-chatgpt-maliciously-uk-it-leaders-believe.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8306549 False Guideline ChatGPT 3.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-02-01T11:00:00+00:00 https://www.csoonline.com/article/3686575/new-mitre-attandck-like-framework-outlines-software-supply-chain-attack-ttps.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8306331 False Guideline None 3.0000000000000000 CSO - CSO Daily Dashboard report. We gathered insight from dozens of subject matter experts all throughout Cisco to tell a data-driven story about the major security events Cisco responded to, trends in the threat landscape, and what it all means for 2023.As we reviewed the major events from this year, one throughline seemed particularly clear: adversaries are adapting to shifts in the geopolitical landscape, actions from law enforcement, and the efforts of defenders. Organizations, IT leaders, and security professionals will need to track and address these shifts in behavior to maintain resilience.To read this article in full, please click here]]> 2023-01-19T07:59:00+00:00 https://www.csoonline.com/article/3686091/not-if-but-when-maintaining-resilience-as-threat-actors-adapt.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8302594 False Threat,Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-01-19T07:37:00+00:00 https://www.csoonline.com/article/3686089/why-you-don-t-have-to-fix-every-vulnerability.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8302577 False Vulnerability,Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-01-13T10:39:00+00:00 https://www.csoonline.com/article/3685376/looking-for-a-warranty-from-an-mdr-provider-ask-these-key-questions.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8300941 False Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard 2022 IBM Cost of a Data Breach Report, the global average cost of a data breach is $4.35 million. Data breaches in the US are even more costly, averaging over $9 million. However, it isn't just the big players caught in the line of fire. IBM's report also found that 83% of companies will experience a data breach soon, meaning financial institutions of all sizes - from local credit unions to Fortune 500s - are at risk. While ransomware attacks get the most time in the financial headlines, most breaches aren't caused by external factors or threat actors. The majority of system availability problems actually occur due to a lack of staff knowledge and protective protocols, software issues and limited security visibility across the institution. However, “more visibility” is not synonymous with “seeing more alerts.” In fact, the opposite is true. Keep reading to see how Devo SOAR helped a leading US bank streamline its SOC.To read this article in full, please click here]]> 2023-01-12T10:00:00+00:00 https://www.csoonline.com/article/3685191/how-financial-institutions-can-soar-to-success-with-devo-soar.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8300630 False Ransomware,Data Breach,Threat,Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard projected to reach $2.36 billion by 2027, and small to mid-size enterprises are leading the way.To read this article in full, please click here]]> 2023-01-10T09:48:00+00:00 https://www.csoonline.com/article/3685230/the-converging-future-of-xdr-and-threat-hunting.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8299608 False Threat,Guideline None 1.00000000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2023-01-09T15:05:00+00:00 https://www.csoonline.com/article/3685048/tcp-floods-are-again-the-leading-ddos-attack-vector.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8299349 False Guideline None 1.00000000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-20T07:32:00+00:00 https://www.csoonline.com/article/3683888/managing-risk-would-be-easier-if-it-weren-t-for-people.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8293086 False Threat,Guideline None 1.00000000000000000000 CSO - CSO Daily Dashboard DDoS Threat Intelligence Report from NETSCOUT. These include adaptive distributed denial-of-service (DDoS), direct-path TCP-based DDoS, proliferation of botnets, sociopolitical fallout, and collateral damage. The thing these trends all have in common is they are designed to evade common DDoS defense measures and cause maximum harm to targets and others in their proximity. DDoS always attempts to disrupt, destabilize, and deny availability and often succeeds. The only thing that can prevent its success is a well-designed network with intelligent DDoS mitigation systems (IDMSs). For many organizations, common myths can lead to poor choices and overconfidence when it comes to properly architecting a solution.To read this article in full, please click here]]> 2022-12-13T15:57:00+00:00 https://www.csoonline.com/article/3682658/3-common-ddos-myths.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8291034 False Threat,Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-12-13T13:04:00+00:00 https://www.csoonline.com/article/3682756/securing-operational-technology-environments-for-critical-infrastructure.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8290934 False Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard claim that the global skills shortage creates additional cyber risks for their organization, including 80% who reported experiencing at least one breach during the last 12 months that they attributed to the cybersecurity skills gap.The always-changing threat landscape, with fewer skilled people makes it nearly impossible to keep ahead of threats. That's why it's time to talk about the human element – specifically your Security Operations Center (SOC) analysts – and their role in your cybersecurity framework.To read this article in full, please click here]]> 2022-12-08T05:35:00+00:00 https://www.csoonline.com/article/3682078/want-to-help-your-analysts-embrace-automation-and-outsourcing.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8289345 False Threat,Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard Elevate Health, praises the instincts that stopped the attacks from causing financial or reputational damage. Yet, he contends that expecting users to be the frontline defense against rampant phishing, pharming, whaling, and other credential-based attacks increasingly taking place over out-of-band channels is a recipe for disaster.To read this article in full, please click here]]> 2022-12-05T02:00:00+00:00 https://www.csoonline.com/article/3681328/when-blaming-the-user-for-a-security-breach-is-unfair-or-just-wrong.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8287760 False Threat,Guideline None 3.0000000000000000 CSO - CSO Daily Dashboard Identity and Access Management (IAM) program to maintain a strong cybersecurity posture. Having multiple layers to verify users is important, but MFA fatigue is also real and can be exploited by hackers.Enabling MFA for all accounts is a best practice for all organizations, but the specifics of how it is implemented are significant because attackers are developing workarounds. That said, when done correctly – and with the right pieces in place – MFA is an invaluable tool in the cyber toolbox and a key piece of proper cyber hygiene. This is a primary reason why MFA was a key topic for this year's cybersecurity awareness month. For leaders and executives, the key is to ensure employees are trained to understand the importance of the security tools – like MFA – available to them while also making the process easy for them.To read this article in full, please click here]]> 2022-12-02T04:33:00+00:00 https://www.csoonline.com/article/3681893/improving-cyber-hygiene-with-multi-factor-authentication-and-cyber-awareness.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8286704 False Tool,Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard pharma leaders investing in the Internet of Things (IoT) are better equipped to overcome unforeseen challenges.For these proactive pharmaceutical leaders, two major areas have become increasingly important: preventing network outages and increasing security against cyberattacks. The 2021 State of Pharmaceuticals and Cybersecurity Report from Fortinet found that in the last year, 40% of businesses experienced outages affecting productivity, safety, compliance, revenue, or brand image. These outages are no small glitches: Industry experts estimate the total downtime cost (TDC) of a production disruption ranges from $100,000 to $500,000 per hour. A few disruptions a year can have a massive effect on the bottom line. This necessitates network and application performance management to minimize downtime.To read this article in full, please click here]]> 2022-11-28T12:04:00+00:00 https://www.csoonline.com/article/3681113/5-reasons-to-protect-the-performance-and-security-of-your-pharmaceutical-business.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8274019 False Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard MITRE Engage, a cyber adversary engagement framework.To read this article in full, please click here]]> 2022-11-22T02:00:00+00:00 https://www.csoonline.com/article/3680371/know-thy-enemy-thinking-like-a-hacker-can-boost-cybersecurity-strategy.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8159077 False Hack,Threat,Guideline None 3.0000000000000000 CSO - CSO Daily Dashboard Gartner forecasts that information security spending will reach $187 billion in 2023, an increase of 11.1% from 2022. In tandem with this spending, the analyst firm alsopredicts that by 2025, a single centralized cybersecurity function will not be agile enough to meet the needs of a digital organization.To read this article in full, please click here]]> 2022-11-21T11:59:00+00:00 https://www.csoonline.com/article/3680730/6-questions-to-ask-before-you-hire-a-managed-security-services-provider.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8152081 False Guideline None None CSO - CSO Daily Dashboard API-focused Noname Security has launched Recon, whice simulates an attacker performing reconnaissance on an organization's domains.Recon works from a root-level domain to find other domains, shadow domains, sub-domains, APIs, vulnerabilities, and public issues that put the organization at risk, according to Noname. “Then we start looking at, both actively and passively looking at any API-related information pertaining to those domains,” Troy Leilard, regional solution architect lead ANZ, tells CSO.To read this article in full, please click here]]> 2022-11-18T03:57:00+00:00 https://www.csoonline.com/article/3680550/noname-security-releases-recon-attack-simulator.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8087580 False Guideline None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-11-15T02:00:00+00:00 https://www.csoonline.com/article/3679431/build-a-mature-approach-for-better-cybersecurity-vendor-evaluation.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=8024580 False Guideline None None CSO - CSO Daily Dashboard research revealing an increase of almost 800% in software supply chain attacks.To read this article in full, please click here]]> 2022-11-09T09:35:00+00:00 https://www.csoonline.com/article/3679490/github-releases-new-sdlc-security-features-including-private-vulnerability-reporting.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7908496 False Vulnerability,Guideline None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-11-08T07:46:00+00:00 https://www.csoonline.com/article/3679430/4-reasons-smbs-should-consider-an-msp-for-threat-hunting.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7890718 False Threat,Guideline None None CSO - CSO Daily Dashboard VPN apps to load spyware on Android devices, cybersecurity company Kaspersky reports. It's an example of how APT (advanced persistent threat) actors are constantly updating old attack tools and creating new ones to launch new malicious campaigns, particularly against mobile devices.“In their attacks, they use cunning and unexpected methods: SandStrike, attacking users via a VPN service, where victims tried to find protection and security, is an excellent example,” Victor Chebyshev, the lead security researcher at Kaspersky's (Global Research & Analysis Team (GReAT), said in a blog post.To read this article in full, please click here]]> 2022-11-03T07:39:00+00:00 https://www.csoonline.com/article/3678851/espionage-campaign-loads-vpn-spyware-on-android-devices-via-social-media.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7803284 False Guideline None None CSO - CSO Daily Dashboard new Devo SOC Performance Report shows that security professionals behind the scenes are feeling the pain due to too much work and not enough resources.That means that SOC leaders today have a real balancing act when it comes to retaining analysts amid immense talent shortages and turnover. Respondents reported that average time to fill a SOC position is seven months. And 71% of SOC professionals said they're likely to quit their job, with the top reasons being information and work overload, followed by lack of tool integration, and alert fatigue.To read this article in full, please click here]]> 2022-11-03T06:00:00+00:00 https://www.csoonline.com/article/3678850/new-soc-performance-report-security-analysts-are-overworked-and-under-resourced.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7801673 False Tool,Guideline None None CSO - CSO Daily Dashboard SOC Performance Report shows familiar challenges facing staff and leaders since the start of the global pandemic continue to affect SOC performance, including talent shortage and turnover. Based on an independent survey of more than 1,000 global cybersecurity professionals, the report examines current SOC trends and challenges.The report shows that despite agreement on the importance of the SOC to the cyber strategy – lines are drawn between SOC staff and leaders regarding SOC effectiveness. Recognition is Key  To read this article in full, please click here]]> 2022-11-03T06:00:00+00:00 https://www.csoonline.com/article/3678848/new-report-finds-soc-leaders-and-staff-still-not-aligned.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7801674 False Guideline None None CSO - CSO Daily Dashboard convened its Second International Counter Ransomware Initiative Summit (CRI), bringing together leaders from 36 countries and the European Union in person to build on the work of its first ransomware summit in 2021. At a press briefing before the Summit, a White House spokesperson said, "While the United States is facilitating this meeting, we don't view this solely as a US initiative. It's an international partnership that spans most of the world's time zones, and it really reflects the threat that criminals and cyberattacks bring.”To read this article in full, please click here]]> 2022-11-03T04:22:00+00:00 https://www.csoonline.com/article/3678948/white-house-ransomware-summit-highlights-need-for-borderless-solutions.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7800875 False Ransomware,Threat,Guideline None None CSO - CSO Daily Dashboard released a comprehensive report in late September 2022 that discussed the need for dedicated privacy leadership within the departments and agencies of the executive branch of government if goals surrounding privacy are to be achieved. The report highlighted how this void in leadership was in essence putting at risk well-intentioned plans and procedures for protecting the personal identifiable information (PII) held within those entities.The GAO recommended that Congress consider legislation that would require a dedicated senior-level privacy official be named within these organizations and sent along more than 60 individual recommendations to enhance privacy programs.To read this article in full, please click here]]> 2022-11-02T02:00:00+00:00 https://www.csoonline.com/article/3678315/gao-report-government-departments-need-dedicated-leaders-to-oversee-privacy-goals.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7779383 False Guideline None None CSO - CSO Daily Dashboard State of the Software Supply Chain from Sonatype.With the rapid growth of OSS adoption, organizations have begun to stand up Open Source Program Offices (OSPOs) to help codify strategies around OSS use and contribution and to foster collaboration with the broader OSS community. These OSPO's often have key responsibilities such as cultivating an OSS strategy, leading its execution, and facilitating the use of OSS products and services across an enterprise.To read this article in full, please click here]]> 2022-11-01T02:00:00+00:00 https://www.csoonline.com/article/3678209/the-ospo-the-front-line-for-secure-open-source-software-supply-chain-governance.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7762319 False Guideline None None CSO - CSO Daily Dashboard Rekt leaderboard, cybercriminals have stolen as much as $3 billion of investor funds through 141 various cryptocurrency exploits since January, putting 2022 on track to top 2021 levels of digital currency malfeasance. Comparitech's cryptocurrency heists tracker indicates that since 2011, hackers have stolen $7.9 billion in cryptocurrency worth about $45.5 billion in today's value.Along with the increased dollar amounts of cryptocurrency thefts, the scams, hacks, and exploits of cryptocurrency, Web3 (a decentralized view of the web that incorporates blockchain technologies and token-based economics), and blockchain-related organizations are growing bolder and more lucrative for malicious hackers even as the value of cryptocurrencies stagnates. This month alone, Binance saw its BNB chain drained of $586 million, close to the all-time most significant cryptocurrency theft of $624 million from the Ronin Network in March 2022.To read this article in full, please click here]]> 2022-10-25T02:00:00+00:00 https://www.csoonline.com/article/3677469/blockchain-security-companies-tackle-cryptocurrency-theft-ransom-tracing.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7671117 False Guideline None None CSO - CSO Daily Dashboard counted 455 attacks from 27 ransomware variants, with LockBit 3.0 being responsible for 192 of them (42%). Meanwhile, security firm Digital Shadows tracked around 600 ransomware victims over the same time period, with LockBit accounting for 35% of them.To read this article in full, please click here]]> 2022-10-20T10:28:00+00:00 https://www.csoonline.com/article/3677488/with-conti-gone-lockbit-takes-lead-of-the-ransomware-threat-landscape.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7588209 False Ransomware,Threat,Guideline None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-10-17T02:00:00+00:00 https://www.csoonline.com/article/3676130/top-skill-building-resources-and-advice-for-cisos.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7526560 False Guideline None None CSO - CSO Daily Dashboard 2022 Devo SOC Performance Report, the firm discovered that SOC professionals experience significant challenges while performing their duties as SOC leaders and their teams wrestle with several ongoing issues that hamper performance. What's more, Devo's findings suggest that some of the key SOC complications facing organizations date back to the start of the global COVID-19 pandemic in early 2020.To read this article in full, please click here]]> 2022-10-12T04:10:00+00:00 https://www.csoonline.com/article/3676135/information-overload-burnout-talent-retention-impacting-soc-performance.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7411126 False Guideline None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-10-07T07:01:00+00:00 https://www.csoonline.com/article/3676231/why-a-risk-based-cybersecurity-strategy-is-the-way-to-go.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7334738 False Guideline None None CSO - CSO Daily Dashboard Mexico's President Obrador confirmed that its government has suffered what is perhaps a sensitive attack on its intelligence and armed forces. Chilean Armed Forces suffered a similar attack and its judiciary system was also compromised. The Colombian National Institute for Drug and Food Surveillance (INVIMA) was also attacked. Moreover, there was an attempt to breach systems at the Ministry of Health of Costa Rica, a country that was the victim of a large ransomware attack this year.To read this article in full, please click here]]> 2022-10-07T02:00:00+00:00 https://www.csoonline.com/article/3675961/3-actions-latin-american-leaders-must-take-to-reduce-risk-of-cyberattacks.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7331458 False Ransomware,Guideline None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-10-04T11:47:00+00:00 https://www.csoonline.com/article/3675392/tenable-aims-to-unify-your-cybersecurity-with-exposure-management-platform.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7297845 False Guideline None None CSO - CSO Daily Dashboard Much like last year, 2022 has seen significant, government-led initiatives launched to help to address diverse security issues.Here are 22 notable cybersecurity initiatives introduced around the world in 2022.February Israel commits to IDB cybersecurity initiative in Latin America, Caribbean The Israeli government announced that it will join the Inter-American Development Bank (IDB) to establish a new cybersecurity initiative, committing $2 million USD to help strengthen cybersecurity capabilities in Latin America and the Caribbean (LAC). Israel's funding would aid in building cyber capacity across the region by giving officials and policymakers access to forefront practices and world-leading knowledge and expertise, the government stated. “The cybersecurity initiative is paving the way for the safe and secure digitalization of Latin America and the Caribbean, one of the key elements for growth in the post-COVID era,” said Matan Lev-Ari, Israel's representative on the IDB's Board.To read this article in full, please click here]]> 2022-09-29T02:00:00+00:00 https://www.csoonline.com/article/3674954/23-notable-government-cybersecurity-initiatives-in-2022.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7198306 False Guideline None None CSO - CSO Daily Dashboard 2022-09-26T08:23:00+00:00 https://www.computerworld.com/article/3674792/jamf-buys-zecops-to-bring-world-class-security-to-apple-enterprise.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7151218 False Guideline None None CSO - CSO Daily Dashboard a new report. "The threat actors used blog post titles that an individual would search for whose organization may be of interest to a foreign intelligence service e.g., 'Confidentiality Agreement for Interpreters.' The Threat Intel Team discovered the threat actors highly likely created 192 blog posts on one site."To read this article in full, please click here]]> 2022-09-23T13:42:00+00:00 https://www.csoonline.com/article/3674791/seo-poisoning-campaign-directs-search-engine-visitors-from-multiple-industries-to-javascript-malwar.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7089429 False Malware,Threat,Guideline None None CSO - CSO Daily Dashboard Billington Cybersecurity Summit, leaders from across the globe gathered to discuss the importance of international partnerships in managing the persistent threats governments must address. The near-total digitalization of every aspect of society that exposes virtually all public and private sector services to escalating cyber threats dictates a more robust, collective defense. Moreover, as cyber risks intensify and multiply, governments worldwide are stepping up their own independent efforts to protect against the rising tide of digital threats.To read this article in full, please click here]]> 2022-09-19T02:00:00+00:00 https://www.csoonline.com/article/3673748/international-cooperation-is-key-to-fighting-threat-actors-and-cybercrime.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=7000252 False Ransomware,Threat,Guideline None None CSO - CSO Daily Dashboard recent industry survey, 80% of organizations that lack visibility into their assets report roughly three times as many cybersecurity incidents. And when asked to identify the biggest cause of SOC ineffectiveness, 65% of leaders cited “visibility into the attack surface.”To read this article in full, please click here]]> 2022-09-16T06:00:00+00:00 https://www.csoonline.com/article/3674129/tips-for-improving-security-visibility.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6930342 False Guideline None None CSO - CSO Daily Dashboard Russian Cyberwarfare: Unpacking the Kremlin's Capabilities by two esteemed researchers, Irina Borogan and Andrei Soldatov. The opening premise is that Russia has not demonstrated its cyber warfare adroitness in support of its invasion of Ukraine. Whether the Russians tried, and their efforts failed due to the capabilities of Ukraine's cyber defenders or because leadership meddling disrupted the execution strategies of the professional cyber warriors, hasn't yet been revealed. What is evident is that the Ukraine example has called into question the Russian playbook being technologically focused and suggests that the political quotient is much more in play than perhaps previously suggested.To read this article in full, please click here]]> 2022-09-15T02:00:00+00:00 https://www.csoonline.com/article/3673105/russia-s-cyber-future-connected-at-the-waist-to-soviet-military-industrial-complex.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6906259 False Guideline None 4.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-09-06T03:00:00+00:00 https://www.csoonline.com/article/3672189/how-leading-companies-secure-a-hybrid-workforce.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6750151 False Guideline None None CSO - CSO Daily Dashboard CIS Benchmarks) are available to download for free in PDF format.To read this article in full, please click here]]> 2022-09-01T06:13:00+00:00 https://www.csoonline.com/article/3672235/how-hardened-vms-can-help-with-cloud-security.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6665817 False Guideline None None CSO - CSO Daily Dashboard Open Cybersecurity Schema Framework (OCSF) project. The announcement acknowledges the problem of security professionals needing to wrestle with proprietary data formats and outputs rather than their actual roles of risks and threats. This is problematic given the industry is already facing significant workforce challenges, burnout and fatigue. By standardizing on security product schemas and formats, security practitioners can spend more time addressing threats that pose risks to organizations.To read this article in full, please click here]]> 2022-08-30T02:00:00+00:00 https://www.csoonline.com/article/3671133/key-takeaways-from-the-open-cybersecurity-schema-format.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6622447 False Guideline None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-08-25T11:15:00+00:00 https://www.csoonline.com/article/3671330/how-can-cisos-tackle-the-soc-talent-shortage.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6525023 False Guideline None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-08-24T23:23:00+00:00 https://www.csoonline.com/article/3671149/beyond-the-cyber-buzzwords-what-executives-should-know-about-sase.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6515414 False Guideline None None CSO - CSO Daily Dashboard Forrester released a report Tuesday to help organizations do just that."It's hard to assess what 2023 budgets will look like because most companies are in their budget planning for 2023 now, but I think most companies are taking a cautious approach," says Forrester Vice President and Research Director Merritt Maxim."There might be some growth or flat, with the potential that if there is a more significant downturn next year, then spot cuts may be necessary," Maxim continues. "For now, though, I don't see any immediate slashing of budgets in anticipation of macroeconomic conditions."To read this article in full, please click here]]> 2022-08-24T11:54:00+00:00 https://www.csoonline.com/article/3671108/how-2023-cybersecurity-budget-allocations-are-shaping-up.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6505850 False Guideline None 3.0000000000000000 CSO - CSO Daily Dashboard in an online post. “Don't take this opportunity lightly. You only have one chance to make a first impression.”[ Learn 8 pitfalls that undermine security program success and 12 tips for effectively presenting cybersecurity to the board. | Sign up for CSO newsletters. ] He says critical tasks to handle during onboarding include providing an overview of the security vision, mission, and core values as well as walking new employees through the security strategy and roadmap.To read this article in full, please click here]]> 2022-08-22T02:00:00+00:00 https://www.csoonline.com/article/3669849/7-critical-steps-for-successful-security-onboarding.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6470891 False Guideline None None CSO - CSO Daily Dashboard endpoint and application protection software to managed security service providers (MSSPs), the company announced Wednesday.The Stratosphere program was initially announced in April, and designed as a simplified channel program that focuses on expected partner margins, instead of set discounts on the product. Volume-based recognition and “medallion tiers” for sales are out. Instead, the company is offering “loyalty points” for achieving a range of different sales-related goals-like creating leads, getting customers certified, or completing business plans.To read this article in full, please click here]]> 2022-08-17T12:10:00+00:00 https://www.csoonline.com/article/3669903/new-deep-instinct-partner-program-targets-mssps-fighting-ransomware.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6378538 False Ransomware,Guideline None None CSO - CSO Daily Dashboard objectives and key results (OKRs) and tracking progress against them.He says they had worked for him in the past, and he believed that introducing their use to the state's security program could be equally useful.“It was a good way for the security team to stay focused. It helps give me and the teams priorities, it gives alignment between the teams, and we get the tracking and accountability,” says Gregg, who was named the state's CISO in late 2021 after working in the position as an interim and prior to that as director of state cyber operations.To read this article in full, please click here]]> 2022-08-09T02:00:00+00:00 https://www.csoonline.com/article/3669409/how-okrs-keep-security-programs-on-track.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6209138 False Guideline None None CSO - CSO Daily Dashboard ransomware and business email compromise (BEC) are leading causes of security incidents for businesses, geopolitics and deepfakes are playing an increasing role, according to reports from two leading cybersecurity companies.VMware's 2022 Global Incident Threat Response Report shows a steady rise in  extortionary ransomware attacks and BEC, alongside fresh jumps in deepfakes and zero-day exploits.To read this article in full, please click here]]> 2022-08-08T10:05:00+00:00 https://www.csoonline.com/article/3669476/ransomware-email-compromise-are-top-security-threats-but-deepfakes-increase.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6204546 False Ransomware,Threat,Guideline None None CSO - CSO Daily Dashboard Software bills of materials (SBOMs) are becoming a critical component of vulnerability management. Many organizations, however, are still wrestling with understanding fundamental topics in the SBOM discussion, such as the differences among the SBOM formats.What are SBOM formats? SBOM formats are standards for defining a unified structure for generating SBOMs and sharing them with end users or customers. They describe the composition of software in a common format that other tools can understand.The leading SBOM formats are Software Package Data Exchange (SPDX), Software Identification (SWID) Tagging, and CycloneDX. Only SPDX and CycloneDX are being adopted for security use cases. SWID is primarily focused on licensing and is therefore out of scope for this discussion. As the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and others have stated, we will have multiple SBOM formats for some time.To read this article in full, please click here]]> 2022-08-08T02:00:00+00:00 https://www.csoonline.com/article/3668530/sbom-formats-spdx-and-cyclonedx-compared.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6199849 False Vulnerability,Guideline None None CSO - CSO Daily Dashboard survey of more than 500 security professionals. Based on the responses we received, we developed five steps organizations can take to improve their cyber resilience in the process. Keep reading to uncover our insights.To read this article in full, please click here]]> 2022-08-02T06:03:00+00:00 https://www.csoonline.com/article/3668555/security-leaders-share-5-steps-to-strengthening-cyber-resilience.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6090150 False Threat,Guideline None None CSO - CSO Daily Dashboard software is eating the world” by Marc Andreessen from over a decade ago. Software powers and touches nearly every aspect of modern society, both personally and professionally, and is critical to the modern economy and national security.It can also be said that open-source software (OSS) has eaten the software industry. The Linux Foundation and other groups have estimated that free and open-source software (FOSS) constitutes 70% to 90% of any modern software product. Not only is modern software largely composed of OSS components, but IT leaders are more likely to work with vendors who also contribute to the OSS community.To read this article in full, please click here]]> 2022-08-02T02:00:00+00:00 https://www.csoonline.com/article/3668192/how-openssf-scorecards-can-help-to-evaluate-open-source-software-risks.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6087747 False Guideline None 5.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-08-01T10:00:00+00:00 https://www.csoonline.com/article/3668794/three-pillars-of-the-autonomous-soc.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6080969 False Threat,Guideline None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-08-01T02:00:00+00:00 https://www.csoonline.com/article/3668134/5-ways-to-unite-security-and-compliance.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6076007 False Guideline None 5.0000000000000000 CSO - CSO Daily Dashboard complex web of in-person, online, and hybrid work scenarios while also juggling cloud migration to support their diversified workforce. There's also the increase in the sheer volume of cyber attacks to contend with; between July 2020 and June 2021, there was a 1,070% increase in ransomware attacks alone.[1]For Chief Information Security Officers (CISOs), this has created a variety of new challenges to contend with. Based on our conversations with security leaders, Microsoft has identified the top three focus areas that CISOs are prioritizing today so you can understand what steps your organization should take to guard against ongoing cybersecurity threats.To read this article in full, please click here]]> 2022-07-28T15:04:00+00:00 https://www.csoonline.com/article/3668534/cisos-are-focused-on-these-3-trends-are-you.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5998856 False Ransomware,Guideline None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-07-27T12:57:00+00:00 https://www.csoonline.com/article/3668592/how-a-cybersecurity-program-can-counter-configuration-drift.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=6078558 False Tool,Guideline None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-07-27T05:00:00+00:00 https://www.csoonline.com/article/3668193/gitguardian-launches-ggcanary-project-to-help-detect-open-source-software-risks.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5968883 False Guideline None None CSO - CSO Daily Dashboard Managed Extended Detection and Response platform. The upgrade boosts the platform's capabilities to collect intelligence, hunt for threats, and secure mobile devices. Among the new modules added to Deloitte's MXDR offering: Cyber Security Intelligence, which adds to Deloitte's tools and proprietary sources intelligence from CrowdStrike Falcon X. The combination will provide users with actionable indicators of compromise (IoCs), threat notifications, threat actor profiles, industry landscapes, automated sandbox analysis, and threat briefing requests for information. "CSI allows us to be much more proactive in our detection, prevention, and understanding of threats so we can be more proactive in planning with our clients," says Deloitte MXDR leader Curt Aubley. Dynamic Adversary Intelligence, which provides clients with "over-the-horizon" adversary investigations. DAI uses passive intelligence collection methods, including global telemetry, industry-leading application programming interface integrations, refined tradecraft, proprietary analytics of publicly available information, and proprietary sources via Splunk. "DAI gives clients an inside-out view of attackers," Aubley explains. "It can also give a client the information they need to give to authorities to track down adversaries." Digital Risk Protection, which lets a client follow their digital footprint online. "We can fingerprint a client's intellectual property," Aubley says. "Using that information, along with data like domain names, email addresses, and others, we can look on the open web, deep web, and dark web and see if that information has gotten into the hands of an adversary. Then we can let a client know how to best manage any potential crisis that might arise from that leak. We can also look inside their environment to determine how the leak happened." Active Hunt and Response, which includes the use of a "dissolvable agent" that can be planted in the memory of an endpoint and collect data about an attacker while remaining invisible to them. In addition, a new Mobile Prevent, Detection, and Response module has been added to the MXDR platform. It has expanded hunting capabilities and is fully integrated with CrowdStrike Falcon for Mobile Endpoint Detection and Response and CrowdStrike's mobile threat defense.To read this article in full, please click here]]> 2022-07-21T11:38:00+00:00 https://www.csoonline.com/article/3668129/deloitte-expands-its-managed-xdr-platform.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5859804 False Threat,Guideline Deloitte,Deloitte None CSO - CSO Daily Dashboard U.S. government blacklisting the company, effectively drying up a great percentage of their clients to the point where bankruptcy was seen on the horizon.White House nixes L3Harris interest in NSO Then, according to a recent New York Times expose, U.S. defense contractor/supplier L3Harris allegedly attempted a Phoenix-like save and raise the charred NSO from the ashes, with the sub rosa assistance of the U.S. intelligence community. Apparently, L3Harris had its eye on the “zero-click” exploit provided by NSO's Pegasus for resale or exploitation by the U.S. To those not well versed in the government supply and contract world, L3Harris has expertise in the exploitation of cellphones.To read this article in full, please click here]]> 2022-07-21T05:10:00+00:00 https://www.csoonline.com/article/3668030/nso-group-s-pegasus-crashes-as-apple-initiates-dignity-and-justice-fund.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5854214 False Guideline None None CSO - CSO Daily Dashboard study by In-Q-Tel researchers shows a rapid rise in software supply chain attacks starting around 2016, going from almost none in 2015 to about 1,500 in 2020. The Cloud Native Computing Foundation's (CNCF's) catalog of software supply chain attacks also supports a rise in this attack vector.To read this article in full, please click here]]> 2022-07-20T02:00:00+00:00 https://www.csoonline.com/article/3666742/breaking-down-ciss-new-software-supply-chain-security-guidance.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5828670 False Guideline None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-07-19T03:34:00+00:00 https://www.csoonline.com/article/3667279/unauthorized-access-jumped-4x-in-2021.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5824194 False Guideline None None CSO - CSO Daily Dashboard news this morning that Roland Cloutier is stepping away from the TikTok Global CSO role may or may not be surprising.   After all, Roland joined TikTok a couple of years ago, around the same time that TikTok was dragged into some US political maneuverings.  At the time, it wasn't clear if Roland was going to be their CSO-for-life, or if his role was to guide TikTok through a transition and build an excellent foundation for its security future (I guess we know now).To read this article in full, please click here]]> 2022-07-15T08:45:00+00:00 https://www.csoonline.com/article/3667274/tiktok-resets-the-clock-on-security-leadership.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5748353 False Guideline None None CSO - CSO Daily Dashboard CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security.Follow this column to keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Amy Bennett, executive editor.To read this article in full, please click here]]> 2022-07-15T02:00:00+00:00 https://www.csoonline.com/article/3204008/new-ciso-appointments.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5741823 False Threat,Guideline None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-07-14T02:00:00+00:00 https://www.csoonline.com/article/3666495/5-key-considerations-for-your-2023-cybersecurity-budget-planning.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5716198 False Guideline None 2.0000000000000000 CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-07-12T02:00:00+00:00 https://www.csoonline.com/article/3665760/locked-in-how-long-is-too-long-for-security-vendor-contracts.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5667393 False Vulnerability,Guideline None None CSO - CSO Daily Dashboard estimates that roughly 83% of internet traffic is API-based. Other studies such as those from Salt Security state that API attacks increased over 600% from 2021 to 2022, and Gartner predicts that 90% of web-enabled applications will have broader attack surfaces due to exposed API's. The latest study from Imperva claims that vulnerable APIs are costing organizations between $40 and $70 billion annually.To read this article in full, please click here]]> 2022-07-11T02:00:00+00:00 https://www.csoonline.com/article/3666689/understanding-your-api-attack-surface-how-to-get-started.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5659315 False Studies,Guideline None None CSO - CSO Daily Dashboard Safeguarding Our Future” bulletin. “Protecting Government and Business Leaders at the U.S. State and Local Level from People's Republic of China (PRC) Influence Operations” differs from previous warnings on China's use of social networks, pseudo-state-sponsored hackers, etc. The NSCS highlights how the Chinese intelligence apparatus uses the whole-of-government approach as they work to acquire information in support of the Communist Party of China (CCP) directives.To read this article in full, please click here]]> 2022-07-07T04:26:00+00:00 https://www.csoonline.com/article/3666490/u-s-and-uk-warn-local-governments-businesses-of-chinas-influence-operations.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5593384 False Threat,Guideline None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-07-04T05:22:00+00:00 https://www.csoonline.com/article/3666049/asia-could-be-placing-all-the-wrong-cybersecurity-bets.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5568407 False Ransomware,Guideline None None CSO - CSO Daily Dashboard are using upwards of 200 different SaaS offerings, compared to two or three IaaS providers, and only about 30% of organizations have any sort of SaaS security solutions in place.Despite the pervasive use of SaaS, it is overwhelmingly ungoverned with little insight into use, data storage or access control. That's why the Cloud Security Alliance (CSA) created the SaaS Governance Best Practices for Cloud Customers whitepaper, for which I was honored to serve as its co-lead. These are some of the key security takeaways from the SaaS governance best practices guidance.To read this article in full, please click here]]> 2022-06-30T02:00:00+00:00 https://www.csoonline.com/article/3664935/key-takeaways-from-csa-s-saas-governance-best-practices-guide.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5486416 False Guideline None None CSO - CSO Daily Dashboard operational technology (OT) attacks and their impact on organizations. Fortinet recently released its 2022 State of Operational Technology and Cybersecurity Report revealing that 93% of OT organizations experienced one intrusion in the past year and 78% of them experienced more than three intrusions. The survey also found that CISOs and business leaders consider OT security a top concern. Outlined below are steps leaders can take to improve their OT security posture to decrease the risk of threats and keep up with bad actors.To read this article in full, please click here]]> 2022-06-29T08:42:00+00:00 https://www.csoonline.com/article/3665236/four-key-ways-cisos-can-strengthen-ot-security.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5453364 False Threat,Guideline None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-06-08T09:57:00+00:00 https://www.csoonline.com/article/3663157/4-factors-to-consider-when-choosing-a-cloud-workload-protection-platform.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=5042433 False Tool,Guideline None None CSO - CSO Daily Dashboard Open Source Software Security Mobilization Plan. This is in response to attacks on the software supply chain and an uptick in interest in securing them. Supply chains are appealing targets to malicious actors because they can compromise a single point and have a cascading impact across the ecosystem of customers, as the SolarWinds and Log4j attacks have shown.To read this article in full, please click here]]> 2022-05-30T02:00:00+00:00 https://www.csoonline.com/article/3661631/the-open-source-software-security-mobilization-plan-takeaways-for-security-leaders.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=4893171 False Guideline None None CSO - CSO Daily Dashboard To read this article in full, please click here]]> 2022-05-19T05:47:00+00:00 https://www.csoonline.com/article/3661588/two-account-compromise-flaws-fixed-in-strapi-headless-cms.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=4706710 False Guideline None None CSO - CSO Daily Dashboard 2020-10-20T03:00:00+00:00 https://www.csoonline.com/article/3584783/avoiding-the-snags-and-snares-in-data-breach-reporting-what-cisos-need-to-know.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1987328 False Data Breach,Guideline None None CSO - CSO Daily Dashboard threat intelligence and invest in the resources necessary to protect what is now – and will remain indefinitely – a larger, more fluid attack surface. This time, the changes happening across the cyber threat landscape are more dramatic, and the risks due to recent network changes are greater than ever. This makes accurate and actionable threat intelligence even more crucial. The following threat summary highlights the cyber criminal community's ability to adapt and take advantage of low-hanging fruit to achieve their goals.]]> 2020-10-05T06:45:00+00:00 https://www.csoonline.com/article/3584562/from-botnets-to-phishing-a-discussion-on-the-2020-threat-landscape.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1957249 False Threat,Guideline None None CSO - CSO Daily Dashboard 2020-07-21T10:14:00+00:00 https://www.csoonline.com/article/3567517/how-to-get-broader-deeper-mitre-attack-coverage-by-using-edr-and-ndr-together.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1831111 False Guideline None None CSO - CSO Daily Dashboard 2020-06-24T10:17:00+00:00 https://www.csoonline.com/article/3564369/extrahop-named-in-the-2020-gartner-market-guide-for-ucaas-monitoring.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1775797 False Guideline None None CSO - CSO Daily Dashboard 2020-06-16T10:10:00+00:00 https://www.csoonline.com/article/3562699/securex-the-connective-tissue-for-integrated-security.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1770109 False Threat,Guideline None None CSO - CSO Daily Dashboard Register now to view the Summer 2020 digital issue. ] Contents LEAD5 tips for scaling a security organization How to prepare your SOC for mergers, new business innovation and a constantly changing and growing attack surface.]]> 2020-06-03T03:00:00+00:00 https://www.csoonline.com/article/3545336/spring-2020-ciso-rising.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1747837 False Guideline None None CSO - CSO Daily Dashboard ransomware scams often come to mind. But a relatively new kind of attack called business email compromise (BEC) has taken the lead in both frequency and overall damage, quickly becoming public enemy number one.]]> 2020-05-22T03:00:00+00:00 https://www.csoonline.com/article/3542636/how-abnormal-security-combats-business-email-compromise.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1725493 False Guideline None None CSO - CSO Daily Dashboard top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ] Berlin-based Security Research Labs (SRLabs) has published the results of its binary analysis of around 10.000 unique firmware builds running on many Android device models from different manufacturers. Most of the data was collected with SnoopSnitch, an application developed by the company to analyze mobile radio data for abnormalities that could indicate user tracking and fake base stations. It can also check if the Android firmware running on a device has the critical vulnerability patches that correspond to its reported security patch level.]]> 2020-04-27T03:00:00+00:00 https://www.csoonline.com/article/3540291/android-security-patching-improves-but-fragmentation-challenges-remain.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1677476 False Vulnerability,Patching,Guideline None None CSO - CSO Daily Dashboard 2020-04-24T07:48:00+00:00 https://www.csoonline.com/article/3540431/improving-security-outcomes-while-balancing-the-ciso-budget.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1673495 False Guideline None None CSO - CSO Daily Dashboard recent survey conducted by CSO.]]> 2020-04-23T13:01:00+00:00 https://www.csoonline.com/article/3540169/a-qanda-with-cisco-s-ciso-about-addressing-enterprise-wide-security.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1672242 False Guideline None None CSO - CSO Daily Dashboard Verizon found that almost all malware arrived on computers via email: this was true in 94 percent of cases. In not unrelated news, the number one type of social engineering attack, accounting for more than 80 percent of reported incidents, is phishing-the end goal of which is often to convince users to install malware. So if you want to improve your security posture, you know where to start. (And before you think of phishing as some kind of sinister Eastern European or Nigerian scam, know that 40 percent of phishing command and control servers are in the US.)]]> 2020-03-09T03:00:00+00:00 https://www.csoonline.com/article/3153707/top-cybersecurity-facts-figures-and-statistics.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1589340 False Malware,Studies,Guideline None None CSO - CSO Daily Dashboard 2020-02-26T07:55:00+00:00 https://www.csoonline.com/article/3528860/2020-security-securing-your-business-with-an-integrated-security-platform.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1566924 False Guideline None None CSO - CSO Daily Dashboard 451 Research report, "The Impact and Evolution of Cloud Native," suggests that cloud-native architectures are more economical because they are driven by multiple microservices. Businesses can easily scale when they need to, making software deployment and development a much simpler and more cost-effective process.]]> 2020-02-19T15:41:00+00:00 https://www.csoonline.com/article/3528253/what-does-cloud-native-mean-for-security.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1563696 False Guideline None None CSO - CSO Daily Dashboard phishing attack or business email compromise (BEC). But have you deployed DMARC (Domain-based Message Authentication, Reporting and Conformance) for domains you own that do not send or receive email?]]> 2020-01-07T03:00:00+00:00 https://www.csoonline.com/article/3512239/how-to-stop-email-spoofing-of-parked-domains.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1497583 False Guideline None None CSO - CSO Daily Dashboard 2019-11-19T07:09:00+00:00 https://www.csoonline.com/article/3454357/five-reasons-you-need-a-global-view-of-your-attack-surface.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1477883 False Guideline None None CSO - CSO Daily Dashboard 2019-08-26T10:38:00+00:00 https://www.csoonline.com/article/3433244/capital-one-hack-shows-difficulty-of-defending-against-irrational-cybercriminals.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1286745 False Hack,Vulnerability,Guideline None None CSO - CSO Daily Dashboard 2019-07-23T07:48:00+00:00 https://www.csoonline.com/article/3410606/how-build-kits-speed-implementation-of-cyber-best-practices.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1219890 False Guideline None None CSO - CSO Daily Dashboard ISSA), 73% of organizations have been impacted by the cybersecurity skills shortage, and these firms are already competing for talent. My advice to CISOs is to assume they won't have the right skills or an adequate staff size in every area – including bridging the cyber-risk management gap. 31% want to increase security awareness training for employees. Also a great idea, but too many firms treat security awareness training as a “check-box” exercise. To really make an impact, CEOs must become cybersecurity cheerleaders and establish a cybersecurity culture throughout the organizations.  29% will conduct more penetration testing and red teaming exercises. ESG data demonstrates that penetration testing and red teaming are extremely beneficial, but few organizations have the internal skills to do those things well and it can be costly to hire third-party services. I'm bullish on an emerging category I call synthetic cyber-risk assessment (SCRA) from vendors such as AttackIQ, Randori, SafeBreach, and Verodin.  It's important to remember that cyber-risk management is job #1 for every CISO. Yes, business executives are willing to spend more money on cybersecurity, but they increasingly want to target this spending on protecting their most critical digital assets and need help measuring ROI on these investments. Therefore, it's no exaggeration to say that bridging the cyber-risk management gap may be the most important task for CISOs in 2019 and beyond. ]]> 2019-07-12T08:03:00+00:00 https://www.csoonline.com/article/3409017/how-organizations-are-bridging-the-cyber-risk-management-gap.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1201953 False Guideline None None CSO - CSO Daily Dashboard 2019-02-14T03:00:00+00:00 https://www.csoonline.com/article/3340226/malware/beware-of-phony-or-misleading-malware-rescue-web-pages.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1026364 False Malware,Guideline None None CSO - CSO Daily Dashboard login credentials for over 40,000 accounts that unlock government services in more than 30 countries. The credentials were harvested via phishing attacks that distributed spyware tools such as Pony Formgrabber, AZORult, and Qbot. It is believed the logins may have already been sold on underground hacking forms.As the researchers pointed out, “Even one compromised government employee's account can lead to the theft of commercial or state secrets.”]]> 2018-12-11T11:50:00+00:00 https://www.csoonline.com/article/3327209/security/researchers-find-over-40000-stolen-logins-for-government-portals.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=942864 False Guideline None None