DORA implementation keeps bank CISOs on their toes
CSO Online
5h ago
As of today, financial firms must apply the new rules of the EU regulation DORA. Yet many are still struggling with implementation. As of today, January 17, 2025, all EU financial institutions are obliged to implement the Digital Operational Resilience Act (DORA). The EU directive is intended to help raise cybersecurity in the financial sector. Studies show, however, that many companies are still struggling with implementation. A survey by metafinanz in November 2024 found that the average implementation status in mid-sized financial ..read more
Poor patching regime is opening businesses to serious problems
CSO Online
8h ago
Vulnerability remediation is taking a severe hit as security teams are faced with fatigue from a growing number of publicly disclosed vulnerabilities. According to an analysis by S&P Global Ratings, a joint division of S&P Global and the cyber risk analytics company Guidewire, almost three-quarters of organizations are either occasionally or infrequently remediating the vulnerabilities affecting their systems. “Our analysis suggests that some organizations that we rate may be slow to remediate highly targeted cyber vulnerabilities, increasing the risk that computer systems could be co ..read more
EU’s DORA could further strain cybersecurity skills gap
CSO Online
14h ago
Efforts spent in achieving compliance with the EU’s Digital Operational Resilience Act (DORA) are likely to pile further pressure on the already strained cybersecurity skills market. DORA, which comes into full effect today, aims to improve the cybersecurity and operational resilience of financial institutions in the EU, including banks, insurance companies, and investment firms. The regulations require financial sector firms to establish a comprehensive framework for ICT (information and communications technology) risk management. Achieving DORA compliance requires implementing essential pro ..read more
What is a payload?
CSO Online
17h ago
Much like the Greek soldiers who once lay in wait inside the Trojan horse for the right moment, payloads are hidden, for example, in supposedly harmless file attachments and often launch their attack via a trigger at a later point in time. The term “payload” has its origin in the transport sector. There, “payload” (German: “Nutzlast”) describes the amount of cargo a means of transport can take on until the maximum permissible total mass is reached. Later, the term was also adopted in telecommunications to ..read more
Millions of tunneling hosts are vulnerable to spoofing, DDoS attacks, say researchers
CSO Online
17h ago
There are more than 4 million vulnerable hosts on the internet that accept unauthenticated traffic, say Belgian researchers, who warn that, unless action is taken by CISOs and network product manufacturers, those hosts can be abused as one-way proxies, enabling an adversary to spoof the source address of packets to permit access to an organization’s private network, or be leveraged to facilitate new denial of service attacks. The evidence is in an academic paper published this week by authors Angelos Beitis and Mathy Vanhoef of KU Leuven University’s DistriNet Research Unit. They started by s ..read more
How do you unlock automation within IT security and IT operations?
CSO Online
1d ago
The proliferation of endpoints in today’s enterprises is outpacing the ability of IT operations and security teams to cost-effectively manage increasingly complex environments. Already stretched thin, teams face the daunting task of securing vast IT estates with siloed tools, stale data, and other hindrances that create the perfect “imperfect” environment for vulnerabilities. And simply adding yet another bolted-on component to an existing patchwork quilt of technology solutions is a recipe for failure. While automation initiatives expand in multiple areas, achieving desired outco ..read more
Internationally operating internet fraudsters caught
CSO Online
1d ago
In total, about 150 police officers, including 10 officers from Nuremberg's Kriminalfachdezernat 5 (specialist criminal investigation department 5), as well as two public prosecutors and two IT forensic experts from the ZCB, were deployed in Germany, Romania and Austria. The Nuremberg criminal police (Kripo) and the Bavarian Central Office for Cybercrime report a success in the fight against organized internet crime. The five suspects are accused of numerous cases of online fraud, which is likely to have caused damage running into the millions. The men are in pre-trial custody. According to a statement from the Kripo and the Central ..read more
New EU plan for more cybersecurity in healthcare
CSO Online
1d ago
FTC orders GoDaddy to fix its infosec practices
CSO Online
1d ago
Web-hosting giant GoDaddy has been called out by the US Federal Trade Commission (FTC) for its lax security practices, since at least January 2018, with an order to immediately implement a tighter infosec program. An FTC complaint signed by five commissioners accused the leading domain registrar of lacking standard security practices to ensure hosting data safety. “Since 2018, GoDaddy has violated Section 5 of the FTC Act by failing to implement standard security tools and practices to protect the environment where it hosts customers’ websites and data, and to monitor it for security threats ..read more
Cybersecurity hiring is deeply flawed, demoralizing, and needs to be fixed
CSO Online
2d ago
When people think about starting a new job, words like “exciting,” “motivating,” and “rewarding” often come to mind. The search for a new role represents an opportunity to embrace fresh challenges, grow professionally, and explore untapped potential. However, for many in cybersecurity, the reality is far from this ideal. The job market has become an exhausting and deeply flawed experience. What should be an inspiring journey often turns into a demoralizing maze, leaving candidates, recruiters, and hiring managers frustrated and questioning the system itself. If you’ve ventured into this lands ..read more
