newsHacker dumps data of 2.8 million Giant Tiger customersThe hacked information includes the customers' email addresses who either subscribed to the Canadian retailer's emails or had accounts created on its official website, their names, addresses, and phone numbers. By Shweta SharmaApr 15, 20243 minsData BreachHacking feature Top 6 bad cybersecurity habits of SMBs By Rosalyn PageApr 15, 202410 minsSmall and Medium BusinessData and Information SecurityRisk Managementnews Open-source scanner can identify risky Microsoft SCCM configurationsBy Lucian ConstantinApr 15, 20243 minsConfiguration ManagementThreat and Vulnerability Management news analysisAttackers exploit critical zero-day flaw in Palo Alto Networks firewallsBy Lucian Constantin Apr 12, 20243 minsZero-day vulnerabilityVulnerabilities newsCISA orders US government agencies to check email systems for signs of Russian compromiseBy John Dunn Apr 12, 20245 minsIncident ResponseSecurity Practices newsCISA opens its malware analysis and threat hunting tool for public useBy Shweta Sharma Apr 12, 20243 minsAnti Malware featureTop cybersecurity M&A deals for 2024By CSO Staff Apr 12, 202412 minsMergers and AcquisitionsData and Information SecurityIT Leadership newsTop cybersecurity product news of the weekBy CSO staff Apr 12, 202477 minsGenerative AISecurity newsISC2 study pegs average US cybersecurity salaries at $147K, up from $119K in 2021By John Mello Jr. Apr 12, 20244 minsCSO and CISOSalariesHuman Resources More security newsnewsCustomers of Sisense data analytics service urged to change credentialsSisense customers told to update credentials following a compromise that is under investigation.By Lucian Constantin Apr 11, 2024 5 minsData BreachData and Information Securitynews analysisAI tools likely wrote malicious script for threat group targeting German organizationsLatest attack by TA547 showed signs of large language model involvement in the creation of a PowerShell script used to deploy malware.By Lucian Constantin Apr 10, 2024 4 minsAdvanced Persistent ThreatsThreat and Vulnerability ManagementSecurity PracticesnewsBoys’ club mentality still a barrier to women’s success in cybersecurity careersEmployers’ efforts to hire and retain more women in cybersecurity roles can be undermined by a hostile working environment.By John Leyden Apr 10, 2024 5 minsCareersSecuritynewsGathid’s new access mapping tech promises affordable and streamlined IAMThrough the directed graph model technology, Gathid will provide organizations with a detailed, real-time inventory of their identities and permissions.By Shweta Sharma Apr 10, 2024 3 minsIdentity and Access ManagementSecurity Softwarenews analysisResearchers uncover evasion data exfiltration techniques that can be exploited in SharePointTwo methods discovered by Varonis Threat Labs can allow attackers to get around audit logs and steal files without setting off alarms.By Lucian Constantin Apr 09, 2024 6 minsThreat and Vulnerability ManagementData and Information SecurityNetwork SecuritynewsCohesity partners with Intel to solve insider threat challengesThe latest partnership focuses on minimizing the risk of cyberthreats to customers by introducing a solution that safeguards encryption keys.By Prasanth Aby Thomas Apr 09, 2024 3 minsEncryptionSecurity SoftwarenewsSysdig digs up a ransomware gang in stealth for over a decade The group was discovered recently through Sysdig honeypots as it attempted to exploit a Laravel vulnerability.By Shweta Sharma Apr 09, 2024 4 minsRansomwarenewsUS Environmental Protection Agency hack exposes data of 8.5 million users The leaked database has personal information of users including name, email, phone numbers, and address.By Shweta Sharma Apr 08, 2024 3 minsData Breachnews analysisGoogle Chrome aims to solve account hijacking with device-bound cookiesNew feature is designed to stop bad actors from intrusions that rely on stealing session cookies by using TPM crypto processors to securely store keys locally.By Lucian Constantin Apr 05, 2024 8 minsBrowser SecurityInternet SecurityIdentity and Access ManagementnewsAn onslaught of security flaws pushes Ivanti into security redesign Ivanti plans to revamp core engineering and security operations to arm against frequent and evolved adversary activities. By Shweta Sharma Apr 05, 2024 3 minsSecurity SoftwareVulnerabilitiesnewsNew CISO appointments 2024Keep up with news of CSO, CISO, and other senior security executive appointments.By CSO Staff Apr 05, 2024 10 minsCSO and CISOIT JobsIT GovernancenewsCyberattack forces Omni Hotels to shut down its IT systemsOmni shut down its IT systems in response to an attack it faced on Friday, disrupting key operations including reservations, payments, and point-of-sale systems. By Shweta Sharma Apr 04, 2024 4 minsCyberattacks Show more Show less Explore a topic Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security View all topics All topics Close Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security Privacy Risk Management Security Security Infrastructure Software Development Vulnerabilities Popular topicsGenerative AI featureKeeping up with AI: OWASP LLM AI Cybersecurity and Governance ChecklistBy Chris Hughes Mar 14, 2024 10 minsGenerative AISecurity PracticesOpen Source newsMicrosoft reveals general availability of Copilot for SecurityBy Samira Sarraf Mar 13, 2024 4 minsGenerative AIThreat and Vulnerability Management featureGenerative AI poised to make substantial impact on DevSecOpsBy Maria Korolov Mar 11, 2024 12 minsDevSecOpsGenerative AI View topic Cybercrime opinionWhat is the dark web? How to access it and what you’ll findBy Darren Guccione Apr 02, 2024 13 minsData BreachTechnology IndustryCybercrime newsThe US indicts 7 Chinese nationals for cyber espionageBy Sandeep Budki Mar 26, 2024 6 minsCyberattacksCybercrime news analysisNew phishing campaign targets US organizations with NetSupport RATBy Lucian Constantin Mar 21, 2024 3 minsPhishingCyberattacksMalware View topic Careers feature5 groups that support diversity in cybersecurityBy Linda Rosencrance Apr 09, 2024 8 minsCSO and CISOCertificationsHuman Resources featureRecruit for diversity: Practical ways to remove bias from the hiring processBy Aimee Chanthadavong Apr 01, 2024 8 minsCareers featureThe CSO guide to top security conferencesBy CSO Staff Apr 01, 2024 17 minsTechnology IndustryIT SkillsEvents View topic IT Leadership featureWhen the boss doesn’t fit: Cybersecurity workforce more diverse than its managersBy Christine Wong Mar 26, 2024 10 minsCSO and CISOHuman ResourcesIT Leadership opinionThe cybersecurity skills shortage: A CISO perspectiveBy Jon Oltsik Mar 26, 2024 6 minsCSO and CISOIT SkillsIT Training featureWhy more women aren’t CISOs and how to change thatBy Rosalyn Page Mar 21, 2024 13 minsCSO and CISOCareersIT Leadership View topic Upcoming Events14/May in-person event FutureIT Boston 2024: AI, Data, & Tech LeadershipMay 14, 2024Boston, MA IT Leadership 05/Jun virtual event ForwardTech Virtual ShowcaseJun 05, 2024Virtual Event Technology Industry 18/Jun in-person event FutureIT Chicago: Building the Digital Business with Cloud, AI and SecurityJun 18, 2024Chicago, IL Technology Industry View all events In depth featureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada FiscuteanMar 27, 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.4 episodesData and Information Security Ep. 03 Episode 3: The Zero Trust Model Mar 25, 202115 mins Multi-factor AuthenticationCSO and CISORemote Work Ep. 04 Episode 4: Reduce SOC burnout Mar 29, 202115 mins CSO and CISOPhishingRemote Work Show me moreLatestArticlesPodcastsVideos feature OWASP Top 10 OSS Risks: A guide to better open source security By Chris Hughes Apr 11, 202411 mins Threat and Vulnerability ManagementVulnerabilitiesOpen Source brandpost Sponsored by SailPoint What “next-gen” identity security actually means – and why it’s increasingly essential Apr 10, 20246 mins Risk Management feature Microsoft-blasting CSRB report offers roadmap for better cloud security By Cynthia Brumfield Apr 10, 20249 mins Cloud SecurityData and Information SecuritySecurity Practices podcast CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care Apr 02, 202416 mins CSO and CISO podcast CSO Executive Sessions: 2024 International Women's Day special Mar 13, 202410 mins CSO and CISO podcast CSO Executive Sessions: Former convicted hacker Hieu Minh Ngo on blindspots in data protection Feb 20, 202421 mins CSO and CISO video CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care Apr 01, 202416 mins CSO and CISO video CSO Executive Sessions: 2024 International Women's Day special Mar 13, 202410 mins CSO and CISO video LockBit feud with law enforcement feels like a TV drama Mar 05, 202456 mins RansomwareArtificial Intelligence