CSO US First Look
The day's top cybersecurity news and in-depth coverage
February 06, 2024
Cyber Trust Mark concept gains momentum with smart device and IoT manufacturers
What producers of IoT devices and software need to know about the growing movement to create a cybersecurity rating system similar to the Energy Star program for appliances. Read more
Nation-state actor used recent Okta compromises to hack into Cloudflare systems
The hack, which used stolen tokens and credentials, was able to access âsome documentation and a limited amount of source codeâ before being thwarted. Read more
8 things that should be in a company BEC policy document
A business email compromise policy can guide and allow employees to feel safer by following pre-defined rules. Here are eight things that should be in an organizationâs BEC policy. Read more
Google offers free access to fuzzing framework
The AI-powered OSS-Fuzz tool can help find vulnerabilities and be combined with an auto-patching pipeline. Read more
US government agencies ordered to take Ivanti VPN products offline
CISA directive requires US federal agencies to remove the affected software by end of today due to actively exploited vulnerabilities. Read more
US security agencies terminate China-backed hacking attempt
The court-authorized operation involved deleting the KV Botnet malware on routers owned by citizens and small office owners. Read more
Bazel PoC attack highlights transitive vulnerability risk in custom GitHub Actions
A dependent action in Bazel could permit malicious code injection into a GitHub Actions workflow, highlighting risk from third-party dependencies. Read more
