CSO interviews OneIdenty David Earhart
Active directory has been around for a while and is now a foundational service. Is its importance underestimated?
Identity Theft Prevention — News
Google Chrome on Android gets ‘site isolation’ shield against Spectre CPU attacks
Google brings site isolation to Chrome on Android and improves the defense for Chrome on the desktop.
As NAB addresses security lapse, average data-breach costs pass $3m
Australian companies are taking longer to detect and address costly breaches
David Braue | 29 Jul | Read more
Oracle releases emergency patch or WebLogic, exploits in the wild
Oracle has disclosed a bug in its WebLogic Server software that is both highly critical and already under attack.
Employers recognise the need for cyber skills – and they’re willing to pay big
The employment market is hungry for “future focused” executives with the ability to manage cybersecurity risk at the board level, according to a recent jobs market update that also found employers put a premium on executives who understand the need to continually test systems through regular red-teaming and penetration testing.
David Braue | 29 May | Read more
Asian victims lose $40m to scammers spoofing Chinese embassy phone numbers
FBI warns consumers over the Chinese embassy scam.
There’s no network security without visibility into encrypted threats
Increasing use of encryption has created new challenges for enterprise security managers. Ever more-sophisticated encryption such as Perfect Forward Secrecy (PFS) protects data and may even boost your Google ranking – but it also provides a haven for malicious code that may use encryption to bypass enterprise security controls.
Enterprises should use RFPs to force industry to improve security
Organisations are leaving themselves exposed by failing to demand adequate security protections when buying new technology, according to a senior Cisco executive who warned that security and networking specialists must work together better to close persistent gaps.
David Braue | 05 Mar | Read more
Insights: CSO Security Capabilities Survey 2019
While spending on cybersecurity expertise would seem to be a no-brainer, the large number of companies without formal inhouse expertise suggests another ongoing, underlying challenge in finding and securing those skills within the current competitive market.
By CSO staff | 22 Feb | Read more
US charges two Chinese nationals for massive data thefts from NASA and others
US lays charges against employees of Chinese private firm accused of working for the Chinese government.
Hyatt Hotel Bali among 41 Hyatt properties hit in card breach
Check your card account statements if you stayed at Hyatt Hotel Bali between March and July.
Your passwords are too short, police warn as Stay Smart Online Week prompts user education
Victoria Police has raised the bar on password security for Australian consumers to dizzying heights, marking Stay Safe Online Week with an exhortation for users to use passwords with at least 16 characters in them and to rely on 2-factor authentication for bank accounts, social media, and online payments.
David Braue | 12 Oct | Read more
Pen-testing may pacify auditors, but it won’t stop hackers from taking your data
Penetration testing often uncovers the same vulnerabilities over and over again while leaving other avenues of compromise wide open, a ‘red-team’ hacker has warned while reporting that his firm is still seeing “great success” using malware techniques and social engineering to compromise “complacent” firms that would seem to be following security best practices on paper.
David Braue | 20 Sep | Read more
Hacker allegedly stole $7.4 million worth of Ether in 3 minutes
While there is a general consensus that the Knightscope security robot in Washington, D.C., committed suicide on Monday, the same everyone-agrees-opinion is not true for the $7.4 million heist of the cryptocurrency Ether that happened on the same day.
Atlassian teams up with Bugcrowd for its first bug bounty
Atlassian will now pay up to $3,000 for researchers who report security bugs.
As tech bridges cloud gaps, security is best managed outside the IT shop
Growing business engagement with issues around cybersecurity risk means the CISO function should ideally be moved out of the IT organisation, a senior security policy advisor has argued as organisations increasingly adopt business-level controls on growing software-as-a-service (SaaS) adoption.
David Braue | 23 Jun | Read more
Companies must be ready to learn from breach-notification exposure, not fear it
Australian businesses need to get over their fear of being singled out under looming breach notification laws and be prepared to use public shaming as a trigger for internal transformation, two security consultants have advised as the February 2018 implementation deadline for Australia’s new |Notifiable Data Breaches (NDB) scheme draws ever nearer.
David Braue | 16 Jun | Read more
'Crashover' malware for power sector can cause black outs
Researchers uncover well-crafted malware that's designed to disrupt core electricity substation equipment to cause outages.
AusCERT 2017 - Identity is the new perimeter
Todd Peterson, from One Identity, delivered the second part of the AusCERT 2017 opening keynote. One Identity may sound like a new business but it’s an offshoot from Dell EMC and Quest Software.
Anthony Caruana | 30 May | Read more
Scammers target consumers in the wake of WannaCry ransomware outbreak
Fraudsters quickly jump on the WannaCry hype to spread adware and scare victims into paying.