CSO

The day's top cybersecurity news and in-depth coverage

CSO First Look

February 12, 2022

CISA warns about 15 actively exploited vulnerabilities

The high-severity vulnerabilities that CISA has added to its patch-now list include SeriousSAM privilege escalation and SMB remote code execution.

BrandPost Sponsored by ExtraHop

Sponsored by ExtraHop: New Ruling Sets Security Incident Notification Standards for Financial Organizations

A new rule issued by the OCC, Board of Governors of the Federal Reserve, and the FDIC requires banking organizations to notify federal regulators within 36 hours of certain security incidents. The ruling, titled "Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers," strengthens the need for enhanced visibility, real-time detection, and intelligent response in the banking industry. The mandatory ruling, which goes into effect on April 1 and becomes enforceable on May 1, is described as "an effort to help promote early awareness of emerging threats to banking organizations and the broader financial system."

Major SAP vulnerability requires urgent patch to prevent HTTP request smuggling attacks

SAP ICM vulnerability allows theft of credentials and session information, which can be used to launch ransomware and steal sensitive data.

7 hot cybersecurity trends (and 2 going cold)

Is that security trend hot or not? From tools and technologies to threats and tactics, the numbers don't lie.

Discover what’s next and what’s new in InfoSec – and learn how to protect your business with a proactive, agile InfoSec approach.

Attend this 2-day virtual Summit to connect with InfoSec advice, tools, and solutions to help you prepare for unexpected and unknown threats.

Look for attack surface management to go mainstream in 2022

Many organizations struggle to discover, classify, and manage Internet-facing assets, leaving them vulnerable to attack. In 2022, they will finally do something to address this.

Hear from AstraZeneca, Prudential Financial, Target and more at CIO’s Future of Work Summit

Focusing on talent, technology, culture and leadership, the summit, held virtually February 15-17, will feature speakers from major companies, consultancies, and academia to help IT leaders navigate their way through the complexities of a vastly changed corporate landscape.

Andy Ellis: Vulnerabilities don’t count

No one outside the IT department cares about your vulnerability metrics (or they shouldn’t, anyway). They care about efficacy. And traditional stats don’t show that, says columnist Andy Ellis.

CISOs are burned out and falling behind

For CISOs experiencing burnout, the impact goes beyond not bringing their A game to work; it puts their organizations at increased risk.

© 2022 CSO
140 Kendrick Street, Building B
Needham, MA 02494