LightNews LightNews
csoonline.bsky.social
CSOonline
@csoonline.bsky.social
89 followers 22 following 220 posts
CSO empowers enterprise security leaders with critical insights to stay ahead of threats. Covering #cybersecurity from #riskmanagement to #networkdefense, we provide the expertise needed to defend against cybercrime.
Posts Media Videos Starter Packs
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 2d
Quantum attacks won’t announce themselves. By the time they hit, it’s game over. The only defense is getting quantum-ready now.

Full story by #FoundryExpert Contributor, Mike Wilkes: spr.ly/63324A2qfn

#Encryption
#ThreatandVulnerabilityManagement
Close-up of a man with grey hair and a beard, wearing glasses and a suit with a purple tie. He has light eyes and a fair complexion, set against a grey background.
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 2d
Despite recognizing the severity of the threat, enterprises continue to respond slowly to warnings that existing systems must be updated to address the risks of the approaching advent of quantum computers.

www.csoonline.com/article/4074...
CISOs face quantum leap in prioritizing quantum resilience
Industry progress toward post-quantum cryptography (PQC) remains slow due to uneven prioritization and budget constraints in spite of acknowledged urgency and looming deadline.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 2d
In newly disclosed real-world attacks, threat actors are found exploiting a Cisco Simple Network Management Protocol (SNMP) vulnerability to install Linux rootkits on vulnerable switches.

www.csoonline.com/article/4074...
‘Zero Disco’ campaign hits legacy Cisco switches with fileless rootkit payloads
Researchers warn of fileless payloads, memory hooks, and a UDP-based C2 controller that complicate detection and remediation.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 3d
AI’s moving too fast for old rules — MAESTRO gives banks a smarter, layered way to secure next-gen generative and agentic AI systems.

Catch the full write-up by #FoundryExpert Contributor, Sina Manavi here: spr.ly/63324AF2sa

#Banking
#CloudSecurity
#FinancialServicesIndustry
A man with short grey hair and glasses in a blue suit sits in a red chair, holding a microphone. He wears an ID badge and a wristwatch. A bottle of water sits on the floor.
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 3d
Checklists won’t cut it anymore — AI moves too fast. GRC needs to adapt in real time, understand AI’s intent and keep humans in the loop.

Get expert perspective from #FoundryExpert Contributor, Adetunji Adebayo here: spr.ly/63322AF2w8

#Compliance
#ITGovernance
#RiskManagement
A dark-skinned man wearing glasses, a white shirt and a blue patterned blazer with a red tie looks at the camera against a dark blue curtain backdrop.
1
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 3d
Customers of F5 Networks are advised to patch their devices immediately and be alert for suspicious activity after the company said in a regulatory filing that a threat actor stole some source code for its BIG-IP products. www.csoonline.com/article/4073...
Source code and vulnerability info stolen from F5 Networks
IT and security leaders should install latest patches from the application delivery and security vendor after suspected nation-state hack.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 3d
Secure your seat today at the CSO Conference and Awards here: spr.ly/6045fYLyZ
CSO Conference & Awards 2025: Top Cybersecurity Summit
Come to #CSOconference, October 20-22, 2025 at the Grand Hyatt Indian Wells Resort & Villas, Indian Wells, CA. Plan to attend CSO Conference & Awards, where leading CSOs & CISOs of award-winning organ...
spr.ly
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 3d
AI is no longer experimental—58% of orgs plan to boost spending on AI security tools in 2025.
Hear insights at the CSO Conference, Oct 20–22 at Grand Hyatt Indian Wells.

Read the article by Joan Goodchild for CSO events: spr.ly/63322AFpc6

#CSOConference #CybersecurityLeadership
CSO Security Priorities Study, 2025 states that 58% of organizations forecast an increase in AI-enabled security spending in the next 12 months. A robot hand holds a padlock. CSO logo on the right.
1
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 4d
Security teams are racing to combat AI-driven attacks with more sophisticated tools and enhanced control over their own AI.

Don’t miss the full story from #FoundryExpert Contributor, Rick Grinell: spr.ly/63328A0GOg

#CloudSecurity
#Cyberattacks
#NetworkSecurity
A fair-skinned man smiles in a headshot, wearing a patterned light blue shirt. His light brown hair is neatly styled, and he looks directly at the camera against a white backdrop.
1 2
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 4d
Today's rapidly changing environment demands a fresh mindset, one that challenges long-held assumptions about what keeps organizations secure. Security experts weigh in on the myths that we finally need to retire. www.csoonline.com/article/5719...
13 cybersecurity myths organizations need to stop believing
Security teams trying to defend their organizations need to adapt quickly to new challenges. Yesterday's best practices have become today's myths.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 4d
Last week, the extortion supergroup had its dark web and clearnet domains seized by police, the latest setback to befall the alliance that had threatened to release Salesforce data allegedly stolen from 39 companies in a mass social engineering attack.

www.csoonline.com/article/4072...
Scattered Lapsus$ Hunters extortion site goes dark: What’s next?
Group leaks data stolen from small subset of the 39 companies it threatened last week.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 5d
AI’s biggest dangers aren’t sci-fi — they’re here now. Paul Dongha shares how CISOs can spot red flags and keep AI use ethical and accountable.

Catch the full interview by #FoundryExpert Contributor, Tabish Ali here: spr.ly/63320AIF78

#ArtificialIntelligence
#GenerativeAI
Close-up of a smiling middle-aged man wearing glasses and a blue shirt. He is indoors, with a window behind him offering a view of city buildings. There are some plant pots visible next to the window.
1 1
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 5d
Resilience fails in the seams: tiny misconfigurations, forgotten defaults and silent drifts that escape the spotlight but magnify blast radius when things go wrong.

Opinion from #FoundryExpert Contributor, Maman Ibrahim: spr.ly/63328AI02E

#CloudSecurity
#NetworkSecurity

Close-up of a Black man with glasses, a neatly trimmed grey beard, and wearing a black turtleneck sweater. He's looking directly at the camera with a slight smile, set against a blurred, neutral background.
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 5d
For decades, cybersecurity was about securing static assets — servers, endpoints and code. Even complex modern software is typically deterministic; it follows clear, predefined rules.

See what #FoundryExpert Contributor Ritu Jyoti has to say: spr.ly/63320AIqPi

#CloudSecurity
A portrait of Ritu Jyoti, CIO
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 9d
Velociraptor, the open-source DFIR tool meant to hunt intruders, has itself gone rogue – being picked up by threat actors in coordinated ransomware operations. www.csoonline.com/article/4070...
Open-source DFIR Velociraptor was abused in expanding ransomware efforts
China-based threat actors abused outdated Velociraptor to maintain persistence and help deploy Warlock, LockBit, and Babuk ransomware.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 9d
Loris Gutic, CISO at Bright Security, warns that infosec is stuck in a time warp. The CIA triad, which dates back to the 1970s, has become an outdated relic. www.csoonline.com/article/4070...
The CIA triad is dead — stop using a Cold War relic to fight 21st century threats
CISOs stuck on CIA must accept reality: The world has shifted, and our cybersecurity models must shift, too. We need a model that is layered, contextual, and built for survival.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 10d
Strong cyber programs aren’t built on tech alone — they thrive when architecture, risk and culture work together.

Get the full story by #FoundryExpert contributor, Rangel Rodrigues here: spr.ly/63328As20j

#RiskManagement #DataSecurity #informationsecurity
A smiling man with dark hair wearing a collared shirt is centered in the frame. He appears to be indoors, possibly in an office setting with windows and cubicle dividers visible in the background.
1 2
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 10d
Three of the most notorious ransomware-as-a-service operations have formed a criminal cartel aimed at coordinating attacks and sharing resources in what they describe as an increasingly “challenging” ransomware business environment. www.csoonline.com/article/4070...
LockBit, DragonForce, and Qilin form a ‘cartel’ to dictate ransomware market conditions
The alliance aims to coordinate attacks and share resources as law enforcement pressure mounts.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 10d
A fast-evolving Android spyware campaign known as “ClayRat,” initially targeting Russian users but now spreading far beyond, has produced more than 600 samples and 50 droppers in just three months.

www.csoonline.com/article/4070...
ClayRat spyware turns phones into distribution hubs via SMS and Telegram
The fast-evolving Android RAT spreads by impersonating popular apps and exploiting contact trust to propagate malicious links across victims’ networks.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 10d
Hundreds of workers within CISA, who were engaged in issuing alerts about threats against US agencies and critical infrastructure, have been shuffled and reassigned to agencies such as ICE, Customs and Border Protection, and the Federal Protective Service www.csoonline.com/article/4070...
Homeland Security’s reassignment of CISA staff leaves US networks exposed
As the DHS moves some CISA staff to immigration and border roles, experts warn of slower threat detection, delayed advisories, and rising risks for both federal and enterprise systems.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 10d
Researchers have found a way to trick the GitHub Copilot chatbot into leaking sensitive data, such as AWS keys, from private repositories. www.csoonline.com/article/4069...
GitHub Copilot prompt injection flaw leaked sensitive data from private repos
Hidden comments in pull requests analyzed by Copilot Chat leaked AWS keys from users’ private repositories, demonstrating yet another way prompt injection attacks can unfold.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 11d
AI agents are getting better at all phases of cyberattacks, faster than most of us expected. They can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. This is going to change everything.
www.csoonline.com/article/4069...
Autonomous AI hacking and the future of cybersecurity
AI agents are automating key parts of the attack chain, threatening to tip the scales completely in favor of cyber attackers unless new models of AI-assisted cyberdefense arise.
www.csoonline.com
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 11d
The popular Redis in-memory data store received a patch for a critical vulnerability that leads to remote code execution. The flaw requires authentication to exploit, but many instances don’t have authentication configured and around 60,000 of them are exposed.

www.csoonline.com/article/4069...
10.0-severity RCE flaw puts 60,000 Redis instances at risk
The critical vulnerability allows attacks to escape the in-memory data store’s Lua sandbox and subsequently execute arbitrary code on the underlying server.
www.csoonline.com
1 1
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 13d
AI isn’t replacing your SOC team — it’s supercharging them, turning endless alerts into smart, proactive defenses against real threats.

Don't miss this insightful opinion piece by #FoundryExpert contributor, Ritu Jyoti spr.ly/63328AolMy

#NetworkSecurity
#SecurityOperationsCenter
A mid-shot of a middle-aged Indian woman with her arms folded, wearing a blazer over a blue top with a pearl necklace, looking at the camera.
csoonline.bsky.social
CSOonline @csoonline.bsky.social · 13d
How phones get hacked: 7 common attack methods explained

Read this essential #IdentityManagementSolutions article by Josh Fruhlinger: spr.ly/63325Aom9W

#DLP #iPhone
How phones get hacked: 7 common attack methods explained
Mobile security often is tighter than PC security, but users can still be fooled by social engineering techniques, and smartphones can still be hacked. Here’s what to watch out for.
spr.ly