news analysis | Rise of zero-day exploits reshape security recommendations | Research from Rapid7 shows a spike in zero-days contributing to quicker exploit timelines, leaving IT security teams under strain with a greater need for post-incident response. | By Lucian Constantin | May 22, 2024 | 7 mins | Incident Response, Zero-day vulnerability, Security Practices
opinion | Employee discontent: Insider threat No. 1 | By Christopher Burgess | May 21, 2024 | 7 mins | CSO and CISO, Threat and Vulnerability Management, Human Resources
feature | The inside story of Cyber Command’s creation | By Cynthia Brumfield | May 20, 2024 | 8 mins | Aerospace and Defense Industry, CSO and CISO, Military
news | Microsoft Azure’s Russinovich sheds light on key generative AI threats | By David Strom | May 22, 2024 | 4 mins | Generative AI, Data and Information Security
news | US government could mandate quantum-resistant encryption from July | By Gyana Swain | May 22, 2024 | 3 mins | Government IT, Regulation, Encryption
opinion | Reducing CSO-CIO tension requires recognizing the signs | By David Gee | May 22, 2024 | 6 mins | CIO, CSO and CISO, IT Leadership
news analysis | Global stability issues alter cyber threat landscape, ESET reports | By Evan Schuman | May 20, 2024 | 4 mins | Advanced Persistent Threats, Cyberattacks, Threat and Vulnerability Management
feature | Cyber resilience: A business imperative CISOs must get right | By Andrada Fiscutean | May 16, 2024 | 12 mins | CSO and CISO, Regulation, Incident Response
feature | Low-tech tactics still top the IT security risk chart | By Rosalyn Page | May 14, 2024 | 9 mins | Cyberattacks, Social Engineering, Data and Information Security

More security news

news | Critical flaw found in Fluent Bit cloud services monitoring component | Hyperscalers grapple with Linguistic Lumberjack vulnerability. | By John Leyden | May 23, 2024 | 4 mins | Cloud Security, Vulnerabilities
news analysis | SEC rule for finance firms boosts disclosure requirements | Amendments to Regulation S-P requires broker-dealers, investment companies, registered investment advisers, and transfer agents to disclose incidents to customers. | By Evan Schuman | May 17, 2024 | 5 mins | Data Breach, Financial Services Industry, Data Privacy
news | FCC proposes BGP security measures | Protecting the Border Gateway Protocol is as important as protecting the border. | By Gyana Swain | May 17, 2024 | 1 min | Regulation, Network Security
news | US AI experts targeted in cyberespionage using SugarGh0st RAT | Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence. | By Lucian Constantin | May 16, 2024 | 4 mins | Phishing, Data and Information Security
news | Cycode rolls out ASPM connector marketplace, analysts see it as bare minimum | Application security posture management tools need to integrate with other security tools to do their job. | By Evan Schuman | May 16, 2024 | 4 mins | Application Security
news | BreachForums seized by law enforcement, admin Baphomet arrested | Official telegram channels operated by BreachForums members confirm law enforcement seizures and arrest. | By Shweta Sharma | May 16, 2024 | 4 mins | Data Breach, Cybercrime
news analysis | Microsoft fixes three zero-day vulnerabilities, two actively exploited | The company’s Patch Tuesday includes fixes for flaws in Windows Desktop Window Manager, Windows MSHTML, and Visual Studio, among others, that IT security orgs should prioritize. | By Lucian Constantin | May 15, 2024 | 6 mins | Windows Security, Zero-day vulnerability
news | Singing River ransomware attack now thought to have affected over 895,000 | The health care provider has dramatically increased its estimate of the number of patients affected by the August 2023 attack. | By Shweta Sharma | May 15, 2024 | 4 mins | Data Breach, Ransomware
news | Black Basta ransomware impacted over 500 organizations worldwide | CISA advisory includes indicators of compromise and TTPs that can be used for threat hunting. | By Lucian Constantin | May 14, 2024 | 6 mins | Ransomware, Phishing, Healthcare Industry
news | Equipped with AI tools, hackers make apps riskier than ever | The odds of attacks are growing as attackers can now easily access code modification and reverse engineering tools. | By Shweta Sharma | May 14, 2024 | 4 mins | Application Security
news | IntelBroker steals classified data from the Europol website | The agency said core operations remain unaffected even as IntelBroker claimed to possess classified, law enforcement data. | By Shweta Sharma | May 13, 2024 | 3 mins | Data Breach, Hacker Groups
news | CISA inks 68 tech vendors to secure-by-design pledge — but will it matter? | CISA’s pledge drew some big names, but the impact on software security could be limited. Meanwhile the org has extended its comment period on the CIRCIA cyberattack reporting law. | By Jon Gold | May 10, 2024 | 4 mins | Regulation, Technology Industry, Security Practices

Popular topics

Generative AI
news | Palo Alto launches AI-powered solutions to fight AI-generated cyberthreats | By Prasanth Aby Thomas | May 09, 2024 | 3 mins | Generative AI, Security Software
news | Securiti adds distributed LLM firewalls to secure genAI applications | By Shweta Sharma | Apr 30, 2024 | 4 mins | Generative AI
news | Top cybersecurity product news of the week | By CSO staff | Apr 26, 2024 | 81 mins | Generative AI, Security

Cybercrime
news | Administrator of ransomware operation LockBit named, charged, has assets frozen | By Lucian Constantin | May 07, 2024 | 3 mins | Advanced Persistent Threats, Hacker Groups, Ransomware
opinion | What is the dark web? How to access it and what you’ll find | By Darren Guccione | Apr 02, 2024 | 13 mins | Data Breach, Technology Industry, Cybercrime
news | The US indicts 7 Chinese nationals for cyber espionage | By Sandeep Budki | Mar 26, 2024 | 6 mins | Cyberattacks, Cybercrime

Careers
feature | AI governance and cybersecurity certifications: Are they worth it? | By Maria Korolov | May 06, 2024 | 12 mins | Certifications, IT Training, Careers
feature | The CSO guide to top security conferences | By CSO Staff | May 01, 2024 | 15 mins | Technology Industry, IT Skills, Events
feature | Finding the perfect match: What CISOs should ask before saying ‘yes’ to a job | By Aimee Chanthadavong | Apr 29, 2024 | 8 mins | CSO and CISO, Careers

IT Leadership
feature | Some strategies for CISOs freaked out by the specter of federal indictments | By Cynthia Brumfield | May 10, 2024 | 7 mins | CSO and CISO, Legal, Security Practices
interview | Strong CIO-CISO relations fuel success at Ally | By Dan Roberts | May 09, 2024 | 1 min | CIO, CSO and CISO, IT Leadership
feature | What is IAM? Identity and access management explained | By David Strom | May 07, 2024 | 12 mins | Identity Management Solutions, IT Leadership, Security

Upcoming Events

virtual event | ForwardTech Virtual Showcase | Jun 05, 2024 | Virtual Event | Technology Industry
in-person event | FutureIT Chicago: Building the Digital Business with Cloud, AI and Security | Jun 18, 2024 | Chicago, IL | Technology Industry
in-person event | SecureIT New York 2024 | Jul 01, 2024 | New York, NY | Data and Information Security

In depth

feature | Who owns your data? SaaS contract security, privacy red flags | Companies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language. | By Andrada Fiscutean | Mar 27, 2024 | 10 mins | Data and Information Security

Podcasts

podcasts | Sponsored by Microsoft Security | Strengthen and Streamline Your Security | This podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity. | 4 episodes | Data and Information Security
Ep. 03 | Episode 3: The Zero Trust Model | Mar 25, 2021 | 15 mins | Multi-factor Authentication, CSO and CISO, Remote Work
Ep. 04 | Episode 4: Reduce SOC burnout | Mar 29, 2021 | 15 mins | CSO and CISO, Phishing, Remote Work

Latest

feature | Hijack of monitoring devices highlights cyber threat to solar power infrastructure | By Cynthia Brumfield | May 23, 2024 | 9 mins | Energy Industry, Utilities Industry, Critical Infrastructure
brandpost | Sponsored by Cyber NewsWire | Memcyco Report Reveals Only 6% Of Brands Can Protect Their Customers From Digital Impersonation Fraud | By Cyber NewsWire – Paid Press Release | May 23, 2024 | 4 mins | Cyberattacks, Security
how-to | Download the hybrid cloud data protection enterprise buyer’s guide | By Neal Weinberg | May 20, 2024 | 1 min | Cloud Security, Data and Information Security, Enterprise Buyer’s Guides
podcast | CSO Executive Session India with Pradipta Kumar Patro, Head of Cyber Security & IT Platform, KEC International | May 22, 2024 | 26 mins | CSO and CISO
podcast | CSO Executive Sessions: The personality of cybersecurity leaders | Apr 29, 2024 | 19 mins | CSO and CISO
podcast | CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care | Apr 02, 2024 | 16 mins | CSO and CISO
video | CSO Executive Sessions India with Pradipta Kumar Patro, Head of Cyber Security & IT Platform, KEC International | May 22, 2024 | 26 mins | CSO and CISO
video | CSO Executive Sessions: The personality of cybersecurity leaders | Apr 29, 2024 | 19 mins | CSO and CISO
video | CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care | Apr 01, 2024 | 16 mins | CSO and CISO