news analysisMassive security hole in VPNs shows their shortcomings as a defensive measureResearchers found a deep, unpatchable flaw in virtual private networks dubbed Tunnelvision can allow attackers to siphon off data without any indication that they are there.By Evan SchumanMay 08, 20248 minsThreat and Vulnerability ManagementData and Information SecurityNetwork Security feature How to future-proof Windows networks: Take action now on planned phaseouts and changesBy Susan BradleyMay 08, 20246 minsWindows SecurityThreat and Vulnerability ManagementNetwork Securitynews F5 patches BIG-IP Next Central Manager flaws that could lead to device takeoverBy Lucian ConstantinMay 08, 20245 minsThreat and Vulnerability ManagementCloud SecurityVulnerabilities interviewStrong CIO-CISO relations fuel success at AllyBy Dan Roberts May 09, 20249 minsCIOCSO and CISOIT Leadership newsZscaler shuts down exposed system after rumors of a cyberattackBy Shweta Sharma May 09, 20243 minsData BreachCyberattacks newsPalo Alto launches AI-powered solutions to fight AI-generated cyberthreats By Prasanth Aby Thomas May 09, 20243 minsGenerative AISecurity Software newsMost interesting products to see at RSAC 2024By CSO Staff May 07, 202412 minsRSA ConferenceSecurity featureAI governance and cybersecurity certifications: Are they worth it?By Maria Korolov May 06, 202412 minsCertificationsIT Training Careers how-toDownload the Zero Trust network access (ZTNA) enterprise buyer’s guideBy Josh Fruhlinger and steve_zurier May 06, 20241 minZero TrustAccess ControlNetwork Security More security newsnewsSuspected Chinese hack of Britain’s Ministry of Defence linked to contractor, minister confirmsThe UK’s defence minister would not confirm that the attack was conducted by an element of the Chinese state, rather blaming the “potential failings” of a partner.By John Dunn May 08, 2024 4 minsAerospace and Defense IndustryData BreachGovernmentnewsDocGo says hackers stole patient data in a recent cyberattackThe attack compromised some healthcare data with no material or financial losses, the company said.By Shweta Sharma May 08, 2024 3 minsData BreachHackingnewsGoogle, Meta, Spotify accused of flouting Apple’s device fingerprinting rulesSecurity researchers allege that several apps are collecting data from iOS devices, violating Apple’s policy on device fingerprinting.By Gyana Swain May 08, 2024 7 minsMobile SecurityApplication Securitynews analysisKinsing crypto mining campaign targets 75 cloud-native applicationsFive years after being discovered, the Kinsing cryptojacking operation remains very active against organizations, employing daily probes for vulnerable applications using an ever-growing list of exploits.By Lucian Constantin May 08, 2024 6 minsCryptocurrencyMalwareApplication SecuritynewsAdministrator of ransomware operation LockBit named, charged, has assets frozenA Russian national alleged to have been the administrator of the notorious and prolific LockBit ransomware provider faces international charges. A $10-million reward for the suspect’s arrest has been offered.By Lucian Constantin May 07, 2024 3 minsAdvanced Persistent ThreatsHacker GroupsRansomwarenewsUS doing all it can to manage global cybersecurity threats, secretary of state tells RSAC The US government is moving to address the challenges of quantum computing, cloud strategies, and generative AI, Anthony Blinken said in a speech that was light on specifics.By Evan Schuman May 07, 2024 4 minsCyberattacksGovernmentThreat and Vulnerability ManagementnewsCitrix quietly fixes a new critical vulnerability similar to Citrix BleedMuch similar to Citrix-Bleed, the information disclosure bug was identified within NetScaler devices configured as gateway or virtual servers.By Shweta Sharma May 07, 2024 3 minsVulnerabilitiesnewsGoogle launches Google Threat Intelligence at RSA ConferenceThe new addition to Google Cloud Security is designed to inform security teams on approaches to protecting against external threats, managing attack surfaces, and mitigating digital risks.By Sascha Brodsky May 06, 2024 4 minsRSA ConferenceCloud SecuritySecurity SoftwarenewsGermany blames Russian hackers for months-long cyber espionageThe attacks by Russia-backed Fancy Bear used an Outlook exploit to compromise several German officials’ accounts.By Shweta Sharma May 06, 2024 4 minsAdvanced Persistent ThreatsHacker GroupsnewsCISA, FBI urge developers to patch path traversal bugs before shippingThe advisory highlights how developers can follow best practices to fix these vulnerabilities during production.By Shweta Sharma May 03, 2024 3 minsVulnerabilitiesnewsMicrosoft continues to add, shuffle security execs in the wake of security incidentsThe company has appointed new product security chiefs as well as a customer-facing CISO as it continues to respond to high-profile attacks on its products and own network.By Elizabeth Montalbano May 03, 2024 4 minsCSO and CISOnewsIranian hackers harvest credentials through advanced social engineering campaignsMandiant observed several malicious campaigns with threat actors impersonating journalists and harvesting the victim’s cloud environment credentials.By Shweta Sharma May 02, 2024 4 minsHacker GroupsSocial Engineering Show more Show less Explore a topic Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security View all topics All topics Close Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security Privacy Risk Management Security Security Infrastructure Software Development Vulnerabilities Popular topicsGenerative AI newsSecuriti adds distributed LLM firewalls to secure genAI applicationsBy Shweta Sharma Apr 30, 2024 4 minsGenerative AI newsTop cybersecurity product news of the weekBy CSO staff Apr 26, 2024 81 minsGenerative AISecurity featureKeeping up with AI: OWASP LLM AI Cybersecurity and Governance ChecklistBy Chris Hughes Mar 14, 2024 10 minsGenerative AISecurity PracticesOpen Source View topic Cybercrime opinionWhat is the dark web? How to access it and what you’ll findBy Darren Guccione Apr 02, 2024 13 minsData BreachTechnology IndustryCybercrime newsThe US indicts 7 Chinese nationals for cyber espionageBy Sandeep Budki Mar 26, 2024 6 minsCyberattacksCybercrime news analysisNew phishing campaign targets US organizations with NetSupport RATBy Lucian Constantin Mar 21, 2024 3 minsPhishingCyberattacksMalware View topic Careers featureThe CSO guide to top security conferencesBy CSO Staff May 01, 2024 15 minsTechnology IndustryIT SkillsEvents featureFinding the perfect match: What CISOs should ask before saying ‘yes’ to a jobBy Aimee Chanthadavong Apr 29, 2024 8 minsCSO and CISOCareers featureThe rise in CISO job dissatisfaction – what’s wrong and how can it be fixed?By Mary Pratt Apr 24, 2024 11 minsCSO and CISOCareersIT Leadership View topic IT Leadership featureCyber breach misinformation creates a haze of uncertaintyBy Cynthia Brumfield Apr 30, 2024 9 minsCSO and CISOData BreachSecurity Practices newsNew CISO appointments 2024By CSO Staff Apr 26, 2024 14 minsCSO and CISOIT JobsIT Governance featureAre you a toxic cybersecurity boss? How to be a better CISOBy Christine Wong Apr 18, 2024 9 minsCSO and CISOHuman ResourcesRisk Management View topic Upcoming Events14/May in-person event FutureIT Boston 2024: AI, Data, & Tech LeadershipMay 14, 2024Boston, MA IT Leadership 05/Jun virtual event ForwardTech Virtual ShowcaseJun 05, 2024Virtual Event Technology Industry 18/Jun in-person event FutureIT Chicago: Building the Digital Business with Cloud, AI and SecurityJun 18, 2024Chicago, IL Technology Industry View all events In depth featureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada FiscuteanMar 27, 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.4 episodesData and Information Security Ep. 03 Episode 3: The Zero Trust Model Mar 25, 202115 mins Multi-factor AuthenticationCSO and CISORemote Work Ep. 04 Episode 4: Reduce SOC burnout Mar 29, 202115 mins CSO and CISOPhishingRemote Work Show me moreLatestArticlesPodcastsVideos brandpost Sponsored by Cyber NewsWire Hunters announces full adoption of OCSF and introduces OCSF-native search By Cyber NewsWire – Paid Press Release May 07, 20245 mins CyberattacksSecurity brandpost Sponsored by Elastic Search + RAG: The 1-2 punch transforming the modern SOC with AI-driven security analytics By Mike Nichols, Product for Security at Elastic May 06, 20243 mins Artificial Intelligence feature Malware explained: How to prevent, detect and recover from it By Josh Fruhlinger May 03, 202418 mins RansomwarePhishingMalware podcast CSO Executive Sessions: The personality of cybersecurity leaders Apr 29, 202419 mins CSO and CISO podcast CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care Apr 02, 202416 mins CSO and CISO podcast CSO Executive Sessions: 2024 International Women's Day special Mar 13, 202410 mins CSO and CISO video CSO Executive Sessions: The personality of cybersecurity leaders Apr 29, 202419 mins CSO and CISO video CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care Apr 01, 202416 mins CSO and CISO video CSO Executive Sessions: 2024 International Women's Day special Mar 13, 202410 mins CSO and CISO