Jamstack is a popular web development philosophy that aims to speed up both web development and the time it takes to download a web page. Drawing from devops and CI/CD, Jamstack upends long-held techniques for building interactive web pages, shiftin…
Author: Josh Fruhlinger
Asia, Europe
9 types of computer virus and how they do their dirty work
by Josh Fruhlinger •
The human mind loves to categorize things, and malware is no exception. We here at CSO have done our part: our malware explainer breaks down malware based on how it spreads (self-propagating worms, viruses piggybacking on other code, or sneakily dis…
Europe, North America
11 infamous malware attacks: The first and the worst
by Josh Fruhlinger •
Viruses and other malware spreading for sinister or baffling reasons has been a staple of cyberpunk novels and real-life news stories alike for decades. And in truth, there have been computer viruses on the internet since before it was the internet….
Europe, North America
SSO explained: Single sign-on definition, examples, and terminology
by Josh Fruhlinger •
What is SSO?
Single sign-on (SSO) is a centralized session and user authentication service in which one set of login credentials can be used to access multiple applications. Its beauty is in its simplicity; the service authenticates you on one desig…
Europe, North America
Logic bomb attacks: 4 famous examples
by Josh Fruhlinger •
What is a logic bomb?
A logic bomb is a piece of code left lying in wait on a computer that will execute under certain specified conditions and take actions the owner of that computer would consider malicious. The actual code that does the dirty wor…
Asia, Europe
What is cryptography? How algorithms keep information secret and safe
by Josh Fruhlinger •
Cryptography definition
Cryptography is the art of keeping information secure by transforming it into a form that unintended recipients cannot understand. In cryptography, an original human-readable message, referred to as plaintext, is changed by mea…
Europe, North America
How SAML works and enables single sign-on
by Josh Fruhlinger •
What is SAML and what is it used for?
The Security Assertion Markup Language (SAML) is an open standard that allows security credentials to be shared by multiple computers across a network. It describes a framework that allows one computer to perfor…
Asia, Europe
Keyloggers explained: How attackers record computer inputs
by Josh Fruhlinger •
What is a keylogger?
A keylogger is a tool that can record and report on a computer user’s activity as they interact with a computer. The name is a short version of keystroke logger, and one of the main ways keyloggers keep track of you is by record…
Asia, Europe
PCI DSS explained: Requirements, fines, and steps to compliance
by Josh Fruhlinger •
PCI DSS meaning
PCI DSS is a cybersecurity standard backed by all the major credit card and payment processing companies that aims to keep credit and debit card numbers safe. PCI DSS stands for Payment Card Industry Data Security Standard. Companies…
Europe, North America
Computer viruses explained: Definition, types, and examples
by Josh Fruhlinger •
Computer virus definition
A computer virus is a form of malicious software that piggybacks onto legitimate application code in order to spread and reproduce itself. Like other types of malware, a virus is deployed by attackers to damage or take contr…
Asia, Europe
What is phishing? Examples, types, and techniques
by Josh Fruhlinger •
Phishing definition
Phishing is a type of cyberattack that uses disguised email as a weapon. These attacks use social engineering techniques to trick the email recipient into believing that the message is something they want or need—a request from t…
Europe, North America
What is spear phishing? Examples, tactics, and techniques
by Josh Fruhlinger •
Spear phishing definition
Spear phishing is a targeted email attack purporting to be from a trusted sender. In spear phishing attacks, attackers often use information gleaned from research to put the recipient at ease. The ultimate aim is to either i…
Global IT News
What is Git? Version control for collaborative programming
by Josh Fruhlinger •
Git is a software platform mainly used by computer programmers for collaboration. At its core, Git keeps track of changes to files and allows multiple users to coordinate updates to those files. The most common use case for Git is developers working…
Europe, North America
What is SSL? How SSL certificates enable encrypted communication
by Josh Fruhlinger •
SSL and its descendant, TLS, are protocols that encrypt internet traffic, making secure internet communication and ecommerce possible. The decades-long history of these protocols has been marked by continuous updates that aim to keep pace with increa…
Europe, North America
8 IT security disasters: Lessons from cautionary examples
by Josh Fruhlinger •
Anyone who follows cybersecurity is aware of the steady drumbeat of data breaches and attacks. So, an attack needs to really stand out to earn the name “disaster.” We’ve assembled eight truly disastrous IT security failures over the past decade, with…
Europe, North America
What is SIEM? Security information and event management explained
by Josh Fruhlinger •
Security information and event management (SIEM) tools collect and aggregate log and event data to help identify and track breaches. They are powerful systems that give enterprise security professionals both insight into what’s happening in their IT…
Global IT News
15 star founders of high-flying open source projects
by Josh Fruhlinger •
A new generation
Linus Torvalds is a giant of open source. And the story of how he created Linux as a student (Just For Fun, as the title of his book would have it), and then ruled (somewhat grumpily) over the community that develope…
Europe, North America
What is XSS? Cross-site scripting attacks explained
by Josh Fruhlinger •
Cross-site scripting (XSS) is a cyberattack in which a hacker enters malicious code into a web form or web application URL. This malicious code, written in a scripting language like JavaScript or PHP, can do anything from vandalizing the website you…
Asia, Europe
What is RBAC? Role-based access control explained
by Josh Fruhlinger •
Role-based access control, or RBAC, is an approach for restricting access to digital resources based on a user’s role in an organization. For instance, under RBAC, a company’s accountant should be able to access corporate financial records but not t…
Asia, Europe
Malware explained: Definition, examples, detection and recovery
by Josh Fruhlinger •
What is malware?
Malware, short for malicious software, is a blanket term for viruses, worms, trojans and other harmful computer programs attackers use to wreak destruction and gain access to sensitive information. The key point is that malware is id…
Asia, Europe
Social engineering: Definition, examples, and techniques
by Josh Fruhlinger •
What is social engineering?
Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems, or data. For example, instead of trying to find a software vulnerability, a soci…
Europe, North America
DDoS attacks: Definition, examples, and techniques
by Josh Fruhlinger •
What is a DDoS attack?
A distributed denial of service (DDoS) attack is when an attacker, or attackers, attempt to make it impossible for a service to be delivered. This can be achieved by thwarting access to virtually anything: servers, devices, se…
Europe, North America
7 hot cybersecurity trends (and 2 going cold)
by Josh Fruhlinger •
As we enter the second year of the pandemic, it’s not an exaggeration to say that COVID-19 has impacted every aspect of our personal and professional lives. When it comes to trends in enterprise security, the pandemic has been a gamechanger. To read thi…
Europe, North America
Protecting PII: Examples, laws, and standards
by Josh Fruhlinger •
PII definition: What is personally identifiable information?
PII, or personally identifiable information, is any piece of data that someone could use to figure out who you are. Some types of PII are obvious, such as your name or Social Security numb…
Europe, North America
How IPsec works, its components and purpose
by Josh Fruhlinger •
What is IPsec?
IPsec is a suite of protocols that are used to secure internet communications—in fact, the name itself is an abbreviation for Internet Protocol Security. IPsec was first codified in the ’90s, spurred on by the dawning realization tha…
Europe, North America
8 top penetration testing certifications employers value
by Josh Fruhlinger •
Penetration testing, sometimes called ethical hacking or red team hacking, is an exciting career path in which you simulate cyberattacks on target systems in order to test (and, ultimately, improve) their security. It’s a job that lots of people cur…
Europe, North America
Penetration testing explained: How ethical hackers simulate attacks
by Josh Fruhlinger •
What is penetration testing?
Definition: Penetration testing is a process in which a security professional simulates an attack on a network or computer system to evaluate its security—with the permission of that system’s owners. Don’t let the word “s…
Europe, North America
6 security analyst certifications to advance your career
by Josh Fruhlinger •
The security analyst is the backbone of a company’s day-to-day IT security. Whether they’re monitoring network infrastructure for breaches and intrusions as part of a security operations center, performing internal security audits, or analyzing past…
Europe, North America
How to hack a phone: 7 common attack methods explained
by Josh Fruhlinger •
The smartphone revolution was supposed to provide a second chance for the tech industry to roll out a secure computing platform. These new devices were purported to be locked down and immune to malware, unlike buggy PCs and vulnerable servers. But it…
Europe, North America
Cheap and free cybersecurity training: 8 ways to build skills without breaking the bank
by Josh Fruhlinger •
Every organization wants to keep its employees’ cybersecurity skills up to date, but for many, the cost of advanced formal trainings can break the budget. At the SANS Institute, for instance, considered by many to be the gold standard for profession…
Asia, Europe
10 essential skills and traits of ethical hackers
by Josh Fruhlinger •
What if you could spend your days trying to gain access to other people’s networks and computer systems—and not get in trouble for it? Of course, that’s every spy and cybercriminal’s dream, but only ethical hackers, also known as white hat hackers or p…
Europe, North America
SAML explained: How this open standard enables single sign on
by Josh Fruhlinger •
What is SAML?
The Security Assertion Markup Language (SAML) is an open standard that allows security credentials to be shared by multiple computers across a network. It describes a framework that allows one computer to perform some security function…
Europe, North America
CRISC certification: Your ticket to the C-suite?
by Josh Fruhlinger •
What is CRISC?
Certified in Risk and Information Systems Control (CRISC) is a certification that focuses on enterprise IT risk management. It’s offered by ISACA, a nonprofit professional association focused on IT governance with a number of certific…
Europe, North America
Social engineering explained: How criminals exploit human behavior
by Josh Fruhlinger •
Social engineering definition
Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data. For example, instead of trying to find a software vulnerability, a soc…
Asia, Europe
8 top cloud security certifications
by Josh Fruhlinger •
As companies move more and more of their infrastructure to the cloud, they’re forced to shift their approach to security. The security controls you need to put in place for a cloud-based infrastructure are different from those for a traditional data…
Europe, North America
CDPSE certification: Requirements, exam, and cost
by Josh Fruhlinger •
What is the CDPSE certification?
The Certified Data Privacy Solutions Engineer (CDPSE) certification focuses on the implementation of privacy solutions, from both a technical and governance perspective. It is offered by ISACA, a nonprofit profession…
Europe, North America
Security engineer job requirements, certifications, and salary
by Josh Fruhlinger •
What is a security engineer?
A security engineer is a cybersecurity professional who helps develop and implement strategies and systems to protect their organization’s infrastructure from cyberattacks. This is a role in an organization for someone w…
Europe, North America
Certified Cloud Security Professional (CCSP): Exam, cost, and requirements
by Josh Fruhlinger •
What is the CCSP certification?
CCSP is a cloud-focused security certification for experienced security pros offered by the International Information System Security Certification Consortium, or (ISC)2. CCSP stands for Certified Cloud Security Profes…