CSO US First Look
The day's top cybersecurity news and in-depth coverage
February 03, 2024
US government agencies ordered to take Ivanti VPN products offline
CISA directive requires US federal agencies to remove the affected software by end of today due to actively exploited vulnerabilities. Read more
Bazel PoC attack highlights transitive vulnerability risk in custom GitHub Actions
A dependent action in Bazel could permit malicious code injection into a GitHub Actions workflow, highlighting risk from third-party dependencies. Read more
6 user experience mistakes made for security and how to fix them
Despite guidance to the contrary, some organizations continue to impose security measures that are needlessly complex and counterproductive on their employees and customers. Read more
Improving cybersecurity culture: A priority in the year of the CISO
Cybersecurity culture lags where it needs to be. CISOs are anxious to drive improvement, but only if executives and corporate boards get onboard. Read more
10 penetration testing tools the pros use
Pentesting involves reconnaissance, fingerprinting, gaining and maintaining access, defense evasion, covering tracks, privilege escalation, and data exfiltration. Here are 10 open source pententing tools. Read more
Zero-day, supply-chain attacks drove data breach high for 2023
Zero-day exploits, supply chain attacks fuel 72% increase over previous record for incidents of compromise. Another increase is expected for 2024. Read more
Top cybersecurity product news of the week
New product and service announcements from Secureworks, OX, Vade, SentinelOne, Varonis, Keyfactor, and Deep Instinct. Read more
