CSO Online

Gladinet servers file-sharing servers allow remote code execution

Static AES keys are enabling attackers to decrypt access tokens and reach remote code execution, triggering urgent patch ...
CSO Online

Microsoft flips security script: ‘In scope by default’ makes all vulnerabilities fair game for bug bounties

The company’s new approach is that anything touching Microsoft services is eligible for a bug bounty, regardless of its ...
CSO Online

OpenAI expands ‘defense in depth’ security to stop hackers using its AI models to launch cyberattacks

The AI giant is setting up an advisory group of ‘experienced cyber defenders and security practitioners’ to advise it on ...
CSO Online

SAML authentication broken almost beyond repair

Multiple hacking techniques allow researchers to bypass XML signature validation while still presenting valid SAML ...
CSO OnlineOpinion

Cybersecurity isn’t underfunded — It’s undermanaged

Of course, cybersecurity projects are often complex because they need to reach across corporate silos and geographies to ...
CSO Online

Battering RAM hardware hack breaks secure CPU enclaves

Low-cost hardware hack opens the door to supply chain attacks against confidential computing servers in cloud environments.
CSO Online

CISO Reality: Record Pay, Rising Pressure, and Retention Risk

In this edition of Cyber Sessions, host Joan Goodchild talks with IANS researcher Nick Kakolowski about why midmarket CISOs ...
CSO Online

Quantum meets AI: The next cybersecurity battleground

As AI and quantum collide, we get huge leaps in power — along with a scramble to secure our data, trust the results and brace ...
CSO Online

Hundreds of Ivanti EPM systems exposed online as critical flaw patched

EPM has been targeted before. In March, CISA added three EPM vulnerabilities to its Known Exploited Vulnerabilities catalog ...
CSO Online

Behind the breaches: Case studies that reveal adversary motives and modus operandi

These breach case studies reveal cybercriminals are messy, conflicted and recruiting openly. Understanding their motives is ...
CSO Online

Hidden .NET HTTP proxy behavior can open RCE flaws in apps — a security issue Microsoft won’t fix

Researcher warns that many .NET applications might be vulnerable to arbitrary file writes because .NET’s HTTP client proxy ...
CSO Online

Fortinet admins urged to update software to close FortiCloud SSO holes

Vulnerabilities could allow an attacker to bypass single sign-on login protection; users should disable SSO until patching is ...