Security awareness training helps develop an information security mindset in your workforce, equipping employees with the knowledge to be your organization’s first line of cyber defense.| CSO Online
A zero day is a security flaw that has not yet been patched by the vendor and can be exploited. The name evokes a scenario where an attacker has gotten the jump on a software vendor, implementing attacks that exploit the flaw before the good guys of infosec are able to respond.| CSO Online
Whether by dumb luck or ruthless skill, these malware attacks left their mark on the internet.| CSO Online
The surge in remote work has rekindled interest in brute-force attacks, but a few simple steps can make your organization less of a target for them.| CSO Online
Researchers released two tools--Muraena and NecroBrowser--that automate phishing attacks that can bypass 2FA. Most defenses won't stop them.| CSO Online
A botnet is a collection of internet-connected devices that an attacker has compromised to launch DDoS attacks, spread phishing spam, mine bitcoin, and more.| CSO Online
Spear phishing is a targeted email attack purporting to be from a trusted sender. Learn how to recognize—and defeat—this type of phishing attack.| CSO Online
Cybercriminals are switching up tactics for their social engineering trickery to increase authenticity, better bypass filters, and more intentionally target potential victims.| CSO Online
The rollout includes six in-house AI agents from Microsoft and five developed with partners.| CSO Online
The automated use of breached usernames and passwords to access accounts is low risk, high reward for cybercriminals. Here's how to make it harder for them to use credential stuffing.| CSO Online
An intrusion detection system (IDS) is a software application or hardware appliance that monitors traffic moving on networks and through systems to search for suspicious activity and known threats, sending up alerts when it finds such items.| CSO Online
An advanced persistent threat (APT) is a cyberattack executed by criminals or nation-states with the intent to steal data or surveil systems over an extended time period. Here's how to know if you've been hit with one.| CSO Online
Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems, or data. Train yourself to spot the signs.| CSO Online
Ransomware is a form of malware that encrypts or blocks access to a victim’s files, data, or systems until a ransom is paid. Here’s what you need to know to avoid being a victim and what to do if you fall prey to cyber criminals.| CSO Online
The best way to recover from a ransomware attack is to have a reliable and fast backup process. Here's how to do it.| CSO Online
IAM is a set of processes, policies, and tools for controlling user access to critical information within an organization.| CSO Online
In late 2018, the Marriott hotel chain announced that one of its reservation systems had been compromised, with hundreds of millions of customer records, including credit card and passport numbers, being exfiltrated by the attackers. Many of the details remain undisclosed, but this cyberattack is a cautionary tale about IT security, mergers and acquisitions, and Chinese espionage.| CSO Online
Malware is a blanket term for viruses, worms, trojans, and other harmful computer programs hackers use to wreak destruction and gain access to sensitive information.| CSO Online
In 2017, personally identifying data of hundreds of millions of people was stolen from credit reporting agency Equifax. Here's a timeline of what happened, how it happened, and the impact.| CSO Online