Michael Hill
CSOonline
United Kingdom
Contact Michael
Discover and connect with journalists and influencers around the world, save time on email research, monitor the news, and more.
| Recent: |
|
| Past: |
|
Past articles by Michael:
Timeline of the latest LastPass data breaches
Attackers apparently used data taken in an August attack on the password management firm to enable another attack in November. → Read More
14 UK schools suffer cyberattack, highly confidential documents leaked
Documents reportedly including passport scans, staff pay scales, and contract details stolen by cybercrime group Vice Society, which has targeted education in multiple countries. → Read More
PCI Secure Software Standard version 1.2 sets out new payment security requirements
Changes include the Web Software Module to help payment software vendors and developers identify and implement security controls to protect against attacks. → Read More
8 things to consider amid cybersecurity vendor layoffs
Cybersecurity vendor layoffs raise several issues for CISOs and customers, not the least of which are security and risk-related factors. Here are 8 things to consider if your security vendor has announced significant staff cuts. → Read More
AWS' Inspector offers vulnerability management for Lambda serverless functions
AWS announces new cybersecurity features in Amazon Inspector and Amazon Macie at AWS Re:Invent 2022 in Las Vegas. → Read More
Luna Moth callback phishing campaign leverages extortion without malware
Palo Alto’s Unit 42 investigated several incidents linked to the Luna Moth callback phishing extortion campaign that uses legitimate and trusted management tools instead of malware to exploit businesses. → Read More
How remote working impacts security incident reporting
Security teams must update their security incident reporting policies and processes to account for remote work or risk exposure to increased threats. → Read More
Palo Alto releases PAN-OS 11.0 Nova with new evasive malware, injection attack protection
Web proxy support and SaaS security posture management (SSPM) are among new Nova security features designed to help businesses tackle zero-day threats. → Read More
Information overload, burnout, talent retention impacting SOC performance
Security operations center leaders and staff report numerous pain points impacting SOC performance. → Read More
China’s attack motivations, tactics, and how CISOs can mitigate threats
A Booz Allen Hamilton report outlines global cyberthreats posed by the People’s Republic of China and gives some guidance on how to counter them. → Read More
8 strange ways employees can (accidently) expose data
From eyeglass reflections and new job postings to certificate transparency logs and discarded printers, employees have odd ways to unintentionally expose data.. → Read More
LiveAction adds new SOC-focused features to ThreatEye NDR platform
A SOC-specific user interface that supports analyst workflows and enhanced predicative threat intelligence capabilities are among the new features. → Read More
Uber links cyberattack to LAPSUS$, says sensitive user data remains protected
Attacker likely bought employee account credentials on the dark web and then escalated privileges to access internal tools. → Read More
8 notable open-source security initiatives of 2022
Vendors, collectives and governments are contributing to improve the security of open-source code, software, and development amid organizations’ increasing use of open-source resources. → Read More
In-app browser security risks, and what to do about them
Data security and privacy risks surrounding in-app browsers have been making headlines. These are the threats they pose and steps needed to minimize them. → Read More
Up to 35% more CVEs published so far this year compared to 2021
A new report shows that significantly more CVEs will be published this year, and that some organizations are still vulnerable from older, unpatched CVEs. → Read More
Lloyd’s of London to exclude state-backed attacks from cyber insurance policies
From March 2023, Lloyd’s of London will require all its insurer groups to exclude liability for losses arising from state-backed cyberattacks. → Read More
Exposed VNC instances threatens critical infrastructure as attacks spike
Threats surrounding Virtual Network Computing laid bare as attacks targeting critical infrastructure increase. → Read More
Cisco admits hack on IT network, links attacker to LAPSUS$ threat group
Cisco says an employee’s credentials were compromised after an attacker gained control of a personal Google account. → Read More
CrowdStrike adds AI-powered indicators of attack to Falcon platform
The new feature leverages millions of examples of malicious activity to more accurately identify signs of an attack. → Read More