IT services giant HCL left employee passwords exposed online, as well as customer project details, all without any form of authentication.
Stories by J.M. Porup
Avoid the siren song of big data and collect only what you need. This is the big takeaway from a 200-million record direct marketing list.
Metasploit is a penetration testing framework that makes hacking simple. It's an essential tool for both attackers and defenders.
Google/Alphabet's Chronicle cybersecurity moonshot has a doozy of a mega-gargantuan SIEM with huge pluses--and minuses. Take note.
Mimikatz is a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs and Kerberos tickets.
Defending critical infrastructure from determined attackers is not an easy task, CSO reporter J.M. Porup learned competing in the Department of Energy's CyberForce Competition 2018, a cyber security training initiative.
A new APT, dubbed White Company, is flexing its muscle on the world stage, and it has security researchers worried.
OWASP's Broken Web Applications Project makes it easy to learn how to hack web applications--a critical skill for web application developers playing defense, junior penetration testers, and security-curious management.
Check Point researcher finds vulnerability that could have allowed attackers to spy on drone fleets in real time.
Burning malware is like Hercules fighting the nine-headed Hydra. For every head he cuts off, two more grow back in its place.
Everything is broken, and government and corporations like it that way. But when people start dying because of insecure cyberphysical systems, the overreaction from panicked policymakers could be worse than after 9/11. We need to solve this problem now, Bruce Schneier argues in his new book.
Wireshark is a must-have (and free) network protocol analyzer for any security professional or systems administrator. It's like Jaws, only for packets.
Penny-wise, pound-foolish: Letting old domain names expire might save a few bucks a year, but lets attackers register your old domain and pretend to be you.
Defenders find this simple tool valuable for finding vulnerable devices attached to the web that need to be secured.
With XSS, attackers enter malicious code into a web form or web app URL to trick the application into doing something it's not supposed to do.