feature: The biggest data breach fines, penalties, and settlements so far
Hacks and data thefts, enabled by weak security, cover-ups or avoidable mistakes have cost these companies a total of nearly $4.4 billion and counting.
By Shweta Sharma and Michael Hill | Apr 26, 2024 | 16 mins | Data Breach, Security

news: New CISO appointments 2024
By CSO Staff | Apr 26, 2024 | 14 mins | CSO and CISO, IT Jobs, IT Governance

news: Top cybersecurity product news of the week
By CSO staff | Apr 26, 2024 | 81 mins | Generative AI, Security

feature: Looking outside: How to protect against non-Windows network vulnerabilities
By Susan Bradley | Apr 25, 2024 | 7 mins | Windows Security, Network Security, Security Practices

news: Salt Security adds defense against OAuth attacks
By Shweta Sharma | Apr 25, 2024 | 3 mins | Authentication, Security Software

news: Cisco urges immediate software upgrade after state-sponsored attack
By Prasanth Aby Thomas | Apr 25, 2024 | 3 mins | Vulnerabilities

news analysis: How the ToddyCat threat group sets up backup traffic tunnels into victim networks
By Lucian Constantin | Apr 24, 2024 | 6 mins | Advanced Persistent Threats, Threat and Vulnerability Management, Network Security

news: New OT security service can help secure against critical systems attacks
By Shweta Sharma | Apr 24, 2024 | 3 mins | Security Software

feature: What is biometrics? 10 physical and behavioral identifiers that can be used for authentication
By Maria Korolov | Apr 24, 2024 | 14 mins | Biometrics, Authentication, Security

More security news

news: Authentication failure blamed for Change Healthcare ransomware attack
Absence of multi-factor authentication reportedly left a remote access application exposed.
By John Leyden | Apr 23, 2024 | 5 mins | Ransomware, Cyberattacks

news: Russian state-sponsored hacker used GooseEgg malware to steal Windows credentials
A now-patched Windows Print Spooler flaw was used by Forest Blizzard to drop the privilege-elevating malware for credential stealing and persistence.
By Shweta Sharma | Apr 23, 2024 | 3 mins | Malware, Windows Security

news analysis: More attacks target recently patched critical flaw in Palo Alto Networks firewalls
The vulnerability found in GlobalProtect could be exploited to gain access to corporate networks and has seen a rise in compromise attempts despite being patched.
By Lucian Constantin | Apr 22, 2024 | 5 mins | Threat and Vulnerability Management, Zero-day vulnerability, Vulnerabilities

news: MITRE Corporation targeted by nation-state threat actors
The non-profit organization said the breach occurred in January 2024 when the nation-state threat actor conducted a reconnaissance of MITRE’s networks by exploiting one of its VPNs through two Ivanti Connect Secure zero-day vulnerabilities.
By Gyana Swain | Apr 22, 2024 | 4 mins | Data Breach

news analysis: Windows path conversion weirdness enables unprivileged rootkit behavior
MagicDot technique allows attackers to capitalize on an already-patched vulnerability simply by changing the dots in a path.
By Lucian Constantin | Apr 19, 2024 | 5 mins | Windows Security, Threat and Vulnerability Management, Vulnerabilities

news: Ransomware feared in Octapharma Plasma’s US-wide shutdown
The disruption has impacted more than 150 plasma centers in the US, with possible effects on European operations.
By Shweta Sharma | Apr 19, 2024 | 3 mins | Ransomware

news analysis: Cisco fixes vulnerabilities in Integrated Management Controller
Cisco fixes high-risk flaws in the out-of-band management controller of multiple products.
By Lucian Constantin | Apr 18, 2024 | 4 mins | Threat and Vulnerability Management, Vulnerabilities

news: UK law enforcement busts online phishing marketplace
The coordinated takedown has infiltrated the fraud service and made several arrests based on data found on the platform.
By Shweta Sharma | Apr 18, 2024 | 4 mins | Phishing, Legal

news: Consolidation blamed for Change Healthcare ransomware attack
United HealthGroup said it has already taken $872 million in dealing with the attack and the disruption it caused.
By John Leyden | Apr 18, 2024 | 5 mins | Ransomware, Cyberattacks

news: Cisco announces AI-powered Hypershield for autonomous exploit patching in the cloud
AI-based capability is part of Cisco’s Security Cloud platform for hyperscalers.
By John Dunn | Apr 18, 2024 | 4 mins | Threat and Vulnerability Management, Cloud Security

news analysis: AWS and Google Cloud command-line tools can expose secrets in CI/CD logs
Cloud vendors say it is up to users to ensure sensitive command outputs are not saved in logs.
By Lucian Constantin | Apr 17, 2024 | 4 mins | Cloud Security, Data and Information Security

news: SAP users are at high risk as hackers exploit application vulnerabilities
Research highlights heightened threat actor interests in SAP systems, targeting poorly patched organizations.
By Shweta Sharma | Apr 17, 2024 | 4 mins | Application Security, Vulnerabilities

Popular topics

Generative AI

feature: Keeping up with AI: OWASP LLM AI Cybersecurity and Governance Checklist
By Chris Hughes | Mar 14, 2024 | 10 mins | Generative AI, Security Practices, Open Source

news: Microsoft reveals general availability of Copilot for Security
By Samira Sarraf | Mar 13, 2024 | 4 mins | Generative AI, Threat and Vulnerability Management

feature: Generative AI poised to make substantial impact on DevSecOps
By Maria Korolov | Mar 11, 2024 | 12 mins | DevSecOps, Generative AI

Cybercrime

opinion: What is the dark web? How to access it and what you’ll find
By Darren Guccione | Apr 02, 2024 | 13 mins | Data Breach, Technology Industry, Cybercrime

news: The US indicts 7 Chinese nationals for cyber espionage
By Sandeep Budki | Mar 26, 2024 | 6 mins | Cyberattacks, Cybercrime

news analysis: New phishing campaign targets US organizations with NetSupport RAT
By Lucian Constantin | Mar 21, 2024 | 3 mins | Phishing, Cyberattacks, Malware

Careers

feature: The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed?
By Mary Pratt | Apr 24, 2024 | 11 mins | CSO and CISO, Careers, IT Leadership

feature: Are you a toxic cybersecurity boss? How to be a better CISO
By Christine Wong | Apr 18, 2024 | 9 mins | CSO and CISO, Human Resources, Risk Management

news: Boys’ club mentality still a barrier to women’s success in cybersecurity careers
By John Leyden | Apr 10, 2024 | 5 mins | Careers, Security

IT Leadership

feature: Top cybersecurity M&A deals for 2024
By CSO Staff | Apr 12, 2024 | 12 mins | Mergers and Acquisitions, Data and Information Security, IT Leadership

news: ISC2 study pegs average US cybersecurity salary at $147K, up from $119K in 2021
By John Mello Jr. | Apr 12, 2024 | 4 mins | CSO and CISO, Salaries, Human Resources

feature: When the boss doesn’t fit: Cybersecurity workforce more diverse than its managers
By Christine Wong | Mar 26, 2024 | 10 mins | CSO and CISO, Human Resources, IT Leadership

Upcoming Events

in-person event: FutureIT Boston 2024: AI, Data, & Tech Leadership
May 14, 2024 | Boston, MA | IT Leadership

virtual event: ForwardTech Virtual Showcase
Jun 05, 2024 | Virtual Event | Technology Industry

in-person event: FutureIT Chicago: Building the Digital Business with Cloud, AI and Security
Jun 18, 2024 | Chicago, IL | Technology Industry

In depth

feature: Who owns your data? SaaS contract security, privacy red flags
Companies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.
By Andrada Fiscutean | Mar 27, 2024 | 10 mins | Data and Information Security

Podcasts

podcasts, sponsored by Microsoft Security: Strengthen and Streamline Your Security
This podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.
Data and Information Security

Ep. 03: Episode 3: The Zero Trust Model
Mar 25, 2021 | 15 mins | Multi-factor Authentication, CSO and CISO, Remote Work

Ep. 04: Episode 4: Reduce SOC burnout
Mar 29, 2021 | 15 mins | CSO and CISO, Phishing, Remote Work

Latest

Articles

brandpost, sponsored by Palo Alto Networks: Cloud security teams: What to know as M&A activity rebounds in 2024
By Amol Mathur, SVP & GM of Prisma Cloud, Palo Alto Networks | Apr 25, 2024 | 4 mins | Cloud Security

brandpost, sponsored by Microsoft Security: What will cyber threats look like in 2024?
By Microsoft Security | Apr 24, 2024 | 5 mins | Security

opinion: The Assumed Breach conundrum
By Steven Sim | Apr 23, 2024 | 4 mins | Zero Trust, Security

Podcasts

podcast: CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care
Apr 02, 2024 | 16 mins | CSO and CISO

podcast: CSO Executive Sessions: 2024 International Women's Day special
Mar 13, 2024 | 10 mins | CSO and CISO

podcast: CSO Executive Sessions: Former convicted hacker Hieu Minh Ngo on blindspots in data protection
Feb 20, 2024 | 21 mins | CSO and CISO

Videos

video: CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care
Apr 01, 2024 | 16 mins | CSO and CISO

video: CSO Executive Sessions: 2024 International Women's Day special
Mar 13, 2024 | 10 mins | CSO and CISO

video: LockBit feud with law enforcement feels like a TV drama
Mar 05, 2024 | 56 mins | Ransomware, Artificial Intelligence