Security News, Features, and Interviews

• Google Smart Lock: The complete guide

  Google Smart Lock can simplify security and save you time on Android, Chrome OS, and even Mac and Windows. Are you taking advantage of all it has to offer?

• Using a password manager: 7 pros and cons

  This veteran security pro feels more secure now that he's using a password manager, but there are still risks.

• 10 Slack security tools compared

  Slack does a good job of protecting its own code, but you'll need help to stop malware delivered through Slack messages or to avoid exposing personal information.

• 10 things you should know about dark web websites

  Catch a glimpse of what flourishes in the shadows of the internet.

• UK MPs call for a cyber security minister to defend critical infrastructure

  A UK parliamentary committee has urged the government to appoint a dedicated cyber security minister to help protect the country's critical national infrastructure (CNI).

• Slack beefs up security with enterprise key management

  Slack has announced the rollout of Enterprise Key Management to tighten up security and compliance for its enterprise customers.

• Learn to play defence by hacking these broken web apps

  OWASP's Broken Web Applications Project makes it easy to learn how to hack web applications--a critical skill for web application developers playing defense, junior penetration testers, and security-curious management.

• Critical authentication flaw in DJI drone web app fixed

  Check Point researcher finds vulnerability that could have allowed attackers to spy on drone fleets in real time.

• Experience an RDP attack? It’s your fault, not Microsoft’s

  Follow Microsoft's basic security guidelines for Remote Desktop Protocol and you'll shut down hackers who try to exploit it.

• FIFA hacked: further embarrassment for football's governing body

  The computer systems of FIFA have been hacked once again and the football federation is braced for more damaging leaks of confidential information.

• Why the best antivirus software isn't enough (and why you still need it)

  Antivirus software can’t keep up with new malware or variants of known malware, but it still plays a role in an overall endpoint protection strategy.

• What is application security? A process and tools for securing software

  Application security is the process of making apps more secure by finding, fixing, and enhancing the security of apps. Checking for security flaws in your applications is essential as threats become more potent and prevalent.

• Mingis on Tech: Data breaches and the rise of 'surveillance capitalism'

  Facebook and Google recently owned up to new data breaches affecting millions of users. It's not the first time. It won't be the last. CSO's J.M. Porup explains what's really going on.

• Why I don’t believe Bloomberg’s Chinese spy chip report

  China has stolen US information without using secretly embedded hardware, so why would it jeopardise its massive semiconductor industry?

• DMARC adoption: Three in five ASX100 companies at risk of email fraud

  What if I told you one of the biggest cybersecurity threats in Australia is cybercriminals impersonating the ASX100 over email?

• How the Bank of England built its 'SOC 2.0'

  The Bank of England has drastically shifted the way it runs its security operations centre (SOC) from being reactive to more proactive, employing more data science techniques to answer one fundamental question: "How do you spot an attack when you don't know what it looks like?"

• Bruce Schneier's Click Here to Kill Everybody reveals the looming cybersecurity crisis

  Everything is broken, and government and corporations like it that way. But when people start dying because of insecure cyberphysical systems, the overreaction from panicked policymakers could be worse than after 9/11.We need to solve this problem now, Bruce Schneier argues in his new book.

• Cisco closes US$2.3B deal for unified access, multi-factor authentication security firm Duo

  According to Cisco, Duo’s zero trust security model authorizes secure connections to all applications based on the trustworthiness of users and devices. Duo’s cloud-delivered technology lets IT professionals set and enforce risk-based, adaptive access policies and get enhanced visibility into users’ devices and activities.

• Cisco unearths 13 “High Impact” IOS vulnerabilities you need to patch now

  Cisco has exposed 13 vulnerabilities in its IOS and IOS XE switch and router operating software that the company said should be patched as soon as possible. The vulnerabilities were detailed in Cisco’s twice-yearly dump of IOS exposures and all have a High Impact security rating and should be evaluated by users as soon as possible.

• Can Senseon beat Darktrace at its own game with its 'AI triangulation' technology?

  A breakaway company from British cyber security darlings Darktrace called Senseon says it is plugging a gap in the infosec market that's sorely lacking - claiming unanimous approval from the CIOs who are enthusiastically taking up the technology.

Will the new Surface Go impress?

​With the success of Microsoft’s Surface Pro, it’s easy to assume the new Surface Go will be just as big a hit.