[opinion] Microsoft’s mea culpa moment: how it should face up to the CSRB’s critical report
What should happen in the wake of the CSRB’s Microsoft report? This former security industry analyst has some suggestions.
By Jon Oltsik | Apr 23, 2024 | 4 mins | Windows Security, Security Practices, Vulnerabilities

[news analysis] More attacks target recently patched critical flaw in Palo Alto Networks firewalls
By Lucian Constantin | Apr 22, 2024 | 5 mins | Threat and Vulnerability Management, Zero-day vulnerability, Vulnerabilities

[news] MITRE Corporation targeted by nation-state threat actors
By Gyana Swain | Apr 22, 2024 | 4 mins | Data Breach

[feature] 6 security items that should be in every AI acceptable use policy
By Linda Rosencrance | Apr 22, 2024 | 8 mins | Regulation, IT Governance, Security Practices

[news analysis] Windows path conversion weirdness enables unprivileged rootkit behavior
By Lucian Constantin | Apr 19, 2024 | 5 mins | Windows Security, Threat and Vulnerability Management, Vulnerabilities

[news] Ransomware feared in Octapharma Plasma’s US-wide shutdown
By Shweta Sharma | Apr 19, 2024 | 3 mins | Ransomware

[news] Top cybersecurity product news of the week
By CSO staff | Apr 19, 2024 | 79 mins | Generative AI, Security

[news analysis] Cisco fixes vulnerabilities in Integrated Management Controller
By Lucian Constantin | Apr 18, 2024 | 4 mins | Threat and Vulnerability Management, Vulnerabilities

[news] UK law enforcement busts online phishing marketplace
By Shweta Sharma | Apr 18, 2024 | 4 mins | Phishing, Legal

More security news

[news] Consolidation blamed for Change Healthcare ransomware attack
UnitedHealth Group said it has already taken $872 million in dealing with the attack and the disruption it caused.
By John Leyden | Apr 18, 2024 | 5 mins | Ransomware, Cyberattacks

[news] Cisco announces AI-powered Hypershield for autonomous exploit patching in the cloud
AI-based capability is part of Cisco’s Security Cloud platform for hyperscalers.
By John Dunn | Apr 18, 2024 | 4 mins | Threat and Vulnerability Management, Cloud Security

[news analysis] AWS and Google Cloud command-line tools can expose secrets in CI/CD logs
Cloud vendors say it is up to users to ensure sensitive command outputs are not saved in logs.
By Lucian Constantin | Apr 17, 2024 | 4 mins | Cloud Security, Data and Information Security

[news] SAP users are at high risk as hackers exploit application vulnerabilities
Research highlights heightened threat actor interests in SAP systems, targeting poorly patched organizations.
By Shweta Sharma | Apr 17, 2024 | 4 mins | Application Security, Vulnerabilities

[news analysis] Understanding CISA's proposed cyber incident reporting rules
CISA’s massive rulemaking will create the first US cyber incident and ransomware payment reporting mechanism that promises to radically overhaul the workloads of most cybersecurity professionals.
By Cynthia Brumfield | Apr 17, 2024 | 10 mins | Regulation, Ransomware, Cyberattacks

[news analysis] More open-source project takeover attempts found after XZ Utils attack
Discovered after OpenJS Foundation Cross Project Council received a request for administrative access for a ‘quick fix’.
By Lucian Constantin | Apr 16, 2024 | 6 mins | Social Engineering, Open Source

[news] Sensitive US government data exposed after Space-Eyes data breach
The breach compromises sensitive data from critical US government agencies including the Department of Justice, Department of Homeland Security, and the US armed forces.
By Shweta Sharma | Apr 16, 2024 | 3 mins | Data Breach, Cyberattacks

[news analysis] US Supreme Court ruling suggests change in cybersecurity disclosure process
Decision puts pressure on CISOs and those crafting SEC filings as wording could be judged as “half-truths” and considered misleading.
By Evan Schuman | Apr 16, 2024 | 6 mins | Regulation, Security

[news] Hacker dumps data of 2.8 million Giant Tiger customers
The hacked information includes the customers' email addresses who either subscribed to the Canadian retailer's emails or had accounts created on its official website, their names, addresses, and phone numbers.
By Shweta Sharma | Apr 15, 2024 | 3 mins | Data Breach, Hacking

[news] Open-source scanner can identify risky Microsoft SCCM configurations
Researcher that helped compile the knowledge base of common misconfigurations in SCCM releases scanner MisconfigurationManager.ps1.
By Lucian Constantin | Apr 15, 2024 | 3 mins | Configuration Management, Threat and Vulnerability Management

[news analysis] Attackers exploit critical zero-day flaw in Palo Alto Networks firewalls
Palo Alto Networks works on hotfixes for GlobalProtect vulnerability and is aware of “limited number of attacks”.
By Lucian Constantin | Apr 12, 2024 | 3 mins | Zero-day vulnerability, Vulnerabilities

[news] CISA orders US government agencies to check email systems for signs of Russian compromise
The scope of cyberattack on Microsoft made public in January widens as government agencies ordered to assess the scale of Russian compromise.
By John Dunn | Apr 12, 2024 | 5 mins | Incident Response, Security Practices

Popular topics

Generative AI

[feature] Keeping up with AI: OWASP LLM AI Cybersecurity and Governance Checklist
By Chris Hughes | Mar 14, 2024 | 10 mins | Generative AI, Security Practices, Open Source

[news] Microsoft reveals general availability of Copilot for Security
By Samira Sarraf | Mar 13, 2024 | 4 mins | Generative AI, Threat and Vulnerability Management

[feature] Generative AI poised to make substantial impact on DevSecOps
By Maria Korolov | Mar 11, 2024 | 12 mins | DevSecOps, Generative AI

Cybercrime

[opinion] What is the dark web? How to access it and what you’ll find
By Darren Guccione | Apr 02, 2024 | 13 mins | Data Breach, Technology Industry, Cybercrime

[news] The US indicts 7 Chinese nationals for cyber espionage
By Sandeep Budki | Mar 26, 2024 | 6 mins | Cyberattacks, Cybercrime

[news analysis] New phishing campaign targets US organizations with NetSupport RAT
By Lucian Constantin | Mar 21, 2024 | 3 mins | Phishing, Cyberattacks, Malware

Careers

[feature] Are you a toxic cybersecurity boss? How to be a better CISO
By Christine Wong | Apr 18, 2024 | 9 mins | CSO and CISO, Human Resources, Risk Management

[news] Boys’ club mentality still a barrier to women’s success in cybersecurity careers
By John Leyden | Apr 10, 2024 | 5 mins | Careers, Security

[feature] 5 groups that support diversity in cybersecurity
By Linda Rosencrance | Apr 09, 2024 | 8 mins | CSO and CISO, Certifications, Human Resources

IT Leadership

[feature] Top cybersecurity M&A deals for 2024
By CSO Staff | Apr 12, 2024 | 12 mins | Mergers and Acquisitions, Data and Information Security, IT Leadership

[news] ISC2 study pegs average US cybersecurity salary at $147K, up from $119K in 2021
By John Mello Jr. | Apr 12, 2024 | 4 mins | CSO and CISO, Salaries, Human Resources

[news] New CISO appointments 2024
By CSO Staff | Apr 05, 2024 | 10 mins | CSO and CISO, IT Jobs, IT Governance

Upcoming Events

[in-person event] FutureIT Boston 2024: AI, Data, & Tech Leadership
May 14, 2024 | Boston, MA | IT Leadership

[virtual event] ForwardTech Virtual Showcase
Jun 05, 2024 | Virtual Event | Technology Industry

[in-person event] FutureIT Chicago: Building the Digital Business with Cloud, AI and Security
Jun 18, 2024 | Chicago, IL | Technology Industry

In depth

[feature] Who owns your data? SaaS contract security, privacy red flags
Companies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.
By Andrada Fiscutean | Mar 27, 2024 | 10 mins | Data and Information Security

Podcasts

[podcasts, sponsored by Microsoft Security] Strengthen and Streamline Your Security
This podcast series, brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.
4 episodes | Data and Information Security

Ep. 03 | Episode 3: The Zero Trust Model
Mar 25, 2021 | 15 mins | Multi-factor Authentication, CSO and CISO, Remote Work

Ep. 04 | Episode 4: Reduce SOC burnout
Mar 29, 2021 | 15 mins | CSO and CISO, Phishing, Remote Work

Latest

[brandpost, sponsored by Synopsys] How application security can create velocity at enterprise scale
By Jason Schmitt, General Manager, Synopsys Software Integrity Group | Apr 22, 2024 | 5 mins | Security

[brandpost, sponsored by Synopsys] DevSecOps: Still a challenge but more achievable than ever
By Taylor Armerding, Security Advocate at Synopsys Software Integrity Group | Apr 22, 2024 | 6 mins | Security

[brandpost, sponsored by Synopsys] Don’t be afraid of GenAI code, but don’t trust it until you test it
By Taylor Armerding, Security Advocate at Synopsys Software Integrity Group | Apr 22, 2024 | 5 mins | Artificial Intelligence

[podcast] CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care
Apr 02, 2024 | 16 mins | CSO and CISO

[podcast] CSO Executive Sessions: 2024 International Women's Day special
Mar 13, 2024 | 10 mins | CSO and CISO

[podcast] CSO Executive Sessions: Former convicted hacker Hieu Minh Ngo on blindspots in data protection
Feb 20, 2024 | 21 mins | CSO and CISO

[video] CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care
Apr 01, 2024 | 16 mins | CSO and CISO

[video] CSO Executive Sessions: 2024 International Women's Day special
Mar 13, 2024 | 10 mins | CSO and CISO

[video] LockBit feud with law enforcement feels like a TV drama
Mar 05, 2024 | 56 mins | Ransomware, Artificial Intelligence