Loading...
CSO Security Leadership
The day's top cybersecurity news and in-depth coverage
May 01, 2024
Marriott admits it falsely claimed for five years it was using encryption during 2018 breach
Marriot revealed in a court case around a massive 2018 data breach that it had been using secure hash algorithm 1 and not the much more secure AES-1 encryption as it had earlier maintained. Read more
Navigating personal liability: post data-breach recommendations for CISOs
CISOs can avoid being liable for data breaches by following legal advice, communicating effectively with internal and external stakeholders, and demonstrating commitment to avoid future incidents. Read more
Finding the perfect match: What CISOs should ask before saying âyesâ to a job
Sometimes it's not really clear why a company wants to hire a CISO or the role lacks authority. There are some key questions that CISOs can ask to avoid taking a job with too many red flags. Read more
Cyber breach misinformation creates a haze of uncertainty
A string of recent false or misleading cyber breach reports, fueled by rampant online dissemination, is fostering an atmosphere of growing misinformation that makes it difficult to separate fact from fiction. Read more
Get more from the voice of CSOs and IT leadership
Read more from CSO delivered to your inbox. Subscribe now.
Close the barn door now! Avoid the risk of not monitoring retained access before itâs a problem
Thereâs usually a strict protocol for granting access to systems or data to a new employee or contractor. But there are perils in not keeping tabs on that access as that person moves around or leaves. Read more
UnitedHealth hackers exploited Citrix vulnerabilities, CEO to testify
In the written testimony before the House Energy and Commerce Committee, CEO Andrew Witty said after gaining access, the threat actor moved laterally within the systems using sophisticated methods and exfiltrated data. Read more
3 Windows vulnerabilities that may not be worth patching
Some vulnerabilities eat up a security teamâs time and resources yet provide little or nothing in the way of true protection. Some may even introduce more risk to a network. Read more
© 2024