CSO US First Look
The day's top cybersecurity news and in-depth coverage
December 09, 2023
Google expands minimum security guidelines for third-party vendors
Google's updated Minimum Viable Secure Product (MVSP) program offers advice for working with researchers and warns against vendors charging extra for basic security features. Read more
LogoFAIL attack can inject malware in the firmware of many computers
Researchers have shown how attackers can deliver malicious code into the UEFI of many PCs though BIOS splash screen graphics. Read more
Attackers breach US government agencies through ColdFusion flaw
Both incidents targeted outdated and unpatched ColdFusion servers and exploited a known vulnerability. Read more
Almost 50% of organizations plan to reduce cybersecurity headcounts: Survey
While organizations are realizing the need for knowledgeable teams to address unknown threats, they are also looking to reduce their security headcount and infrastructure spending. Read more
What should be in a company-wide policy on low-code/no-code development
Low-code/no-code development could bridge the gulf of development backlogs that exists between great ideas and great execution of digital innovation. But not without security policies around areas like access control, code quality, and application visibility. Read more
Top cybersecurity product news of the week
New product and service announcements from Coro, Descope, Genetec, Varonis, Cloudbrink, Databarracks, and Security Journey Read more
New CISO appointments 2023
Keep up with news of CSO, CISO, and other senior security executive appointments. Read more
