New measurements by the CITL mass fuzzing project show just how bad things really are.
Stories by J.M. Porup
Enterprises can improve their routing security for modest costs, according to the Mutually Agreed Norms for Routing Security (MANRS) project.
Security rock stars? Fake science? This year's Black Hat had it all.
According to documents seen by CSO, an unknown attacker took control of the official email account of the Saudi embassy in The Netherlands and demanded a ransom of $50 million for ISIS.
Dino Dai Zovi tells Black Hat audience to embrace a culture where security is everyone's job and risks are shared. Automation with feedback loops also key to solving security challenges at scale
Information security is fundamentally political. It's refreshing to see so many talks this year that merge policy and technology.
IT services giant HCL left employee passwords exposed online, as well as customer project details, all without any form of authentication.
A Congressional commission might soon recommend conscription of cybersecurity professionals to serve in both the military and civil service. Will the government force security pros to work for Uncle Sam?
Avoid the siren song of big data and collect only what you need. This is the big takeaway from a 200-million record direct marketing list.
Metasploit is a penetration testing framework that makes hacking simple. It's an essential tool for both attackers and defenders.
Google/Alphabet's Chronicle cybersecurity moonshot has a doozy of a mega-gargantuan SIEM with huge pluses--and minuses. Take note.
Mimikatz is a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs and Kerberos tickets.
Defending critical infrastructure from determined attackers is not an easy task, CSO reporter J.M. Porup learned competing in the Department of Energy's CyberForce Competition 2018, a cyber security training initiative.
A new APT, dubbed White Company, is flexing its muscle on the world stage, and it has security researchers worried.
OWASP's Broken Web Applications Project makes it easy to learn how to hack web applications--a critical skill for web application developers playing defense, junior penetration testers, and security-curious management.