How a bank got hacked
Phineas Phisher claims to have netted hundreds of thousands of pounds sterling in a 2016 hack of the Cayman National Isle of Man Bank.
Stories by J.M. Porup
Boeing's poor information security posture threatens passenger safety, national security, researcher says
The aircraft maker failed to perform minimum due diligence in securing its networks, then tried to cover it up, security researcher Chris Kubecka tells Aviation Cyber Security conference attendees.
IoT vendors ignore basic security best practices, research finds
New measurements by the CITL mass fuzzing project show just how bad things really are.
Improving BGP routing security by minding your MANRS
Enterprises can improve their routing security for modest costs, according to the Mutually Agreed Norms for Routing Security (MANRS) project.
The best and worst of Black Hat 2019
Security rock stars? Fake science? This year's Black Hat had it all.
Inside the 2014 hack of a Saudi embassy
According to documents seen by CSO, an unknown attacker took control of the official email account of the Saudi embassy in The Netherlands and demanded a ransom of $50 million for ISIS.
Black Hat keynote: Why security culture needs to change
Dino Dai Zovi tells Black Hat audience to embrace a culture where security is everyone's job and risks are shared. Automation with feedback loops also key to solving security challenges at scale
7 must-see talks at Black Hat and DEF CON 2019
Information security is fundamentally political. It's refreshing to see so many talks this year that merge policy and technology.
HCL left employee passwords, other sensitive data exposed online
IT services giant HCL left employee passwords exposed online, as well as customer project details, all without any form of authentication.
Will the U.S. government draft cybersecurity professionals?
A Congressional commission might soon recommend conscription of cybersecurity professionals to serve in both the military and civil service. Will the government force security pros to work for Uncle Sam?
200 million-record breach: why collecting too much data raises risk
Avoid the siren song of big data and collect only what you need. This is the big takeaway from a 200-million record direct marketing list.
What is Metasploit? And how to use this popular hacking tool
Metasploit is a penetration testing framework that makes hacking simple. It's an essential tool for both attackers and defenders.
Better, badder, bigger SIEM coming your way, courtesy of Google
Google/Alphabet's Chronicle cybersecurity moonshot has a doozy of a mega-gargantuan SIEM with huge pluses--and minuses. Take note.
What is Mimikatz? And how to defend against this password stealing tool
Mimikatz is a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs and Kerberos tickets.
Fear and loathing defending ICS security at the Department of Energy's CyberForce Competition
Defending critical infrastructure from determined attackers is not an easy task, CSO reporter J.M. Porup learned competing in the Department of Energy's CyberForce Competition 2018, a cyber security training initiative.