CSO US First Look
The day's top cybersecurity news and in-depth coverage
December 12, 2024
The 7 most in-demand cybersecurity skills today
Evolving IT strategies and emerging technologies and threats have organizations shuffling their cyber skills want lists, according to a recent survey of IT security managers conducted by ISC2.
Sponsored by AWS Marketplace: How to choose the right cloud security tools for AWS
In a new release, A guide to cloud security tools for AWS, browse security capabilities for cloud-native applications, from security scanning to incident response, to learn how to use AWS services combined with category leading third-party AWS integrations to protect against modern threats.
Microsoft secretly stopped actors from snooping on your MFA codes
The issue could allow threat actors to brute force MFA authentication codes for Outlook, Teams, and Azure access with 50% accuracy.
Cardiac surgery device manufacturer falls prey to ransomware
Ransomware attack hits administrative processes at Artivion and hinders delivery of important medical equipment.
US sanctions Chinese cybersecurity firm over global malware campaign
Sichuan Silence and employee accused of exploiting firewall vulnerabilities in 2020.
Attackers exploit zero-day RCE flaw in Cleo managed file transfer
The exploit takes advantage of a known file upload vulnerability that was not efficiently patched and can still be exploited in up-to-date versions of Cleo LexiCom, VLTrader and Harmony products.
Salt Typhoon poses a serious supply chain risk to most organizations
The Salt Typhoon intrusion gives China a chance to exfiltrate massive amounts of data from most organizations, especially voice calls that can be stored for later use in deepfake campaigns.
