news: Iranian hackers harvest credentials through advanced social engineering campaigns
Mandiant observed several malicious campaigns with threat actors impersonating journalists and harvesting the victim’s cloud environment credentials.
By Shweta Sharma | May 02, 2024 | 4 mins | Hacker Groups, Social Engineering

news: Dropbox Sign hack exposed user data, raises security concerns for e-sign industry
By Gyana Swain | May 02, 2024 | 5 mins | Data Breach

news: UnitedHealth hack may impact a third of US citizens: CEO testimony
By Prasanth Aby Thomas | May 02, 2024 | 4 mins | Data Breach, Ransomware, Hacking

news: Most interesting products to see at RSAC 2024
By CSO Staff | May 02, 2024 | 6 mins | RSA Conference, Security

news analysis: Biden delivers updated take on security for critical infrastructure
By Cynthia Brumfield | May 02, 2024 | 7 mins | Government, Threat and Vulnerability Management, Critical Infrastructure

news: NIST publishes new guides on AI risk for developers and CISOs
By John Dunn | May 01, 2024 | 4 mins | Regulation, Government, Security Practices

news analysis: 5 key takeaways from Verizon's 2024 Data Breach Investigations Report
By Rosalyn Page | May 01, 2024 | 5 mins | Data Breach, Zero-day vulnerability, Data and Information Security

feature: The CSO guide to top security conferences
By CSO Staff | May 01, 2024 | 15 mins | Technology Industry, IT Skills, Events

feature: 3 Windows vulnerabilities that may not be worth patching
By Susan Bradley | May 01, 2024 | 7 mins | Windows Security, Patch Management Software, Security Practices

More security news

news analysis: Chinese threat actor engaged in multi-year DNS resolver probing effort
The unusual and persistent probing activity over the span of multiple years should be a reminder to organizations to identify and remove all open DNS resolvers from their networks.
By Lucian Constantin | Apr 30, 2024 | 7 mins | Cyberattacks, Network Security

news: Securiti adds distributed LLM firewalls to secure genAI applications
The new offering is aimed at protecting against prompt injection, data leakage, and training data poisoning in LLM systems.
By Shweta Sharma | Apr 30, 2024 | 4 mins | Generative AI

news: UnitedHealth hackers exploited Citrix vulnerabilities, CEO to testify
In the written testimony before the House Energy and Commerce Committee, CEO Andrew Witty said after gaining access, the threat actor moved laterally within the systems using sophisticated methods and exfiltrated data.
By Prasanth Aby Thomas | Apr 30, 2024 | 3 mins | Hacker Groups, Cyberattacks, Vulnerabilities

news: Most attacks affecting SMBs target five older vulnerabilities
Attackers target flaws for a reason: Even years after they are discovered, they still work.
By John Dunn | Apr 30, 2024 | 4 mins | Threat and Vulnerability Management, Network Security, Vulnerabilities

news analysis: Marriott admits it falsely claimed for five years it was using encryption during 2018 breach
Marriott revealed in a court case around a massive 2018 data breach that it had been using secure hash algorithm 1 and not the much more secure AES-1 encryption as it had earlier maintained.
By Evan Schuman | Apr 29, 2024 | 6 mins | Data Breach, Encryption, Legal

news: UK’s revamped surveillance rules become law despite industry opposition
A new law expanding the Investigatory Powers Act, the UK’s already-controversial surveillance and data access rules, became law last week.
By John Leyden | Apr 29, 2024 | 4 mins | Government, Mobile Security, Security

news: New CISO appointments 2024
Keep up with news of CSO, CISO, and other senior security executive appointments.
By CSO Staff | Apr 26, 2024 | 14 mins | CSO and CISO, IT Jobs, IT Governance

news: Top cybersecurity product news of the week
New product and service announcements from Forcepoint, Ionix, Amplifier Security and Torq.
By CSO staff | Apr 26, 2024 | 81 mins | Generative AI, Security

news: Salt Security adds defense against OAuth attacks
The new offering is designed to mitigate vulnerabilities and misconfigurations associated with the open authentication (OAuth) authorization framework.
By Shweta Sharma | Apr 25, 2024 | 3 mins | Authentication, Security Software

news: Cisco urges immediate software upgrade after state-sponsored attack
Hackers exploited previously undetected vulnerabilities in Cisco’s Adaptive Security Appliances — a product that combines multiple cybersecurity functions.
By Prasanth Aby Thomas | Apr 25, 2024 | 3 mins | Vulnerabilities

news analysis: How the ToddyCat threat group sets up backup traffic tunnels into victim networks
The Chinese APT group is using a variety of tools to infiltrate networks and steal large amounts of data.
By Lucian Constantin | Apr 24, 2024 | 6 mins | Advanced Persistent Threats, Threat and Vulnerability Management, Network Security

news: New OT security service can help secure against critical systems attacks
Critical Start’s new offering is designed to handle security teams with specialized detection and response tooling for operational technology systems.
By Shweta Sharma | Apr 24, 2024 | 3 mins | Security Software

Popular topics

Generative AI

feature: Keeping up with AI: OWASP LLM AI Cybersecurity and Governance Checklist
By Chris Hughes | Mar 14, 2024 | 10 mins | Generative AI, Security Practices, Open Source

news: Microsoft reveals general availability of Copilot for Security
By Samira Sarraf | Mar 13, 2024 | 4 mins | Generative AI, Threat and Vulnerability Management

feature: Generative AI poised to make substantial impact on DevSecOps
By Maria Korolov | Mar 11, 2024 | 12 mins | DevSecOps, Generative AI

Cybercrime

opinion: What is the dark web? How to access it and what you’ll find
By Darren Guccione | Apr 02, 2024 | 13 mins | Data Breach, Technology Industry, Cybercrime

news: The US indicts 7 Chinese nationals for cyber espionage
By Sandeep Budki | Mar 26, 2024 | 6 mins | Cyberattacks, Cybercrime

news analysis: New phishing campaign targets US organizations with NetSupport RAT
By Lucian Constantin | Mar 21, 2024 | 3 mins | Phishing, Cyberattacks, Malware

Careers

feature: Finding the perfect match: What CISOs should ask before saying ‘yes’ to a job
By Aimee Chanthadavong | Apr 29, 2024 | 8 mins | CSO and CISO, Careers

feature: The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed?
By Mary Pratt | Apr 24, 2024 | 11 mins | CSO and CISO, Careers, IT Leadership

feature: Are you a toxic cybersecurity boss? How to be a better CISO
By Christine Wong | Apr 18, 2024 | 9 mins | CSO and CISO, Human Resources, Risk Management

IT Leadership

feature: Cyber breach misinformation creates a haze of uncertainty
By Cynthia Brumfield | Apr 30, 2024 | 9 mins | CSO and CISO, Data Breach, Security Practices

feature: Top cybersecurity M&A deals for 2024
By CSO Staff | Apr 12, 2024 | 12 mins | Mergers and Acquisitions, Data and Information Security, IT Leadership

news: ISC2 study pegs average US cybersecurity salary at $147K, up from $119K in 2021
By John Mello Jr. | Apr 12, 2024 | 4 mins | CSO and CISO, Salaries, Human Resources

Upcoming Events

in-person event: FutureIT Boston 2024: AI, Data, & Tech Leadership
May 14, 2024 | Boston, MA | IT Leadership

virtual event: ForwardTech Virtual Showcase
Jun 05, 2024 | Virtual Event | Technology Industry

in-person event: FutureIT Chicago: Building the Digital Business with Cloud, AI and Security
Jun 18, 2024 | Chicago, IL | Technology Industry

In depth

feature: Who owns your data? SaaS contract security, privacy red flags
Companies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.
By Andrada Fiscutean | Mar 27, 2024 | 10 mins | Data and Information Security

Podcasts

podcasts (Sponsored by Microsoft Security): Strengthen and Streamline Your Security
This podcast series, brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.
Data and Information Security

Ep. 03: Episode 3: The Zero Trust Model
Mar 25, 2021 | 15 mins | Multi-factor Authentication, CSO and CISO, Remote Work

Ep. 04: Episode 4: Reduce SOC burnout
Mar 29, 2021 | 15 mins | CSO and CISO, Phishing, Remote Work

Show me more

opinion: Close the barn door now! Avoid the risk of not monitoring retained access before it’s a problem
By Christopher Burgess | Apr 30, 2024 | 6 mins | CSO and CISO, Access Control, Human Resources

brandpost (Sponsored by Microsoft Security): Want to drive more secure GenAI? Try automating your red teaming
By Microsoft Security | Apr 29, 2024 | 5 mins | Security

brandpost (Sponsored by Palo Alto Networks): Is your hybrid/multicloud strategy putting your organization at risk?
By Pete Bartolik | Apr 29, 2024 | 4 mins | Security

podcast: CSO Executive Sessions: The personality of cybersecurity leaders
Apr 29, 2024 | 19 mins | CSO and CISO

podcast: CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care
Apr 02, 2024 | 16 mins | CSO and CISO

podcast: CSO Executive Sessions: 2024 International Women's Day special
Mar 13, 2024 | 10 mins | CSO and CISO

video: CSO Executive Sessions: The personality of cybersecurity leaders
Apr 29, 2024 | 19 mins | CSO and CISO

video: CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care
Apr 01, 2024 | 16 mins | CSO and CISO

video: CSO Executive Sessions: 2024 International Women's Day special
Mar 13, 2024 | 10 mins | CSO and CISO