feature17 hottest IT security certs for higher pay todayCybersecurity certifications can pave a path to lucrative career advancement. But timing the job market with the right credentials can be challenging. Here are the certs providing the largest pay boosts right now.By Eric Frank22 Nov 202417 minsCertificationsIT SkillsCareers feature What CISOs need to know about the SEC’s breach disclosure rulesBy John Leyden21 Nov 20247 minsCSO and CISORegulationGovernmentfeature 11 biggest financial sector cybersecurity threatsBy John Leyden20 Nov 202411 minsPhishingRansomwareRegulation news analysisRising ClickFix malware distribution trick puts PowerShell IT policies on noticeBy Lucian Constantin 21 Nov 20246 minsPhishingMalwareSocial Engineering newsNorth Korean fake IT workers up the ante in targeting tech firmsBy John Leyden 21 Nov 20245 minsSecurity newsAct fast to snuff out employee curiosity over 'free' AI appsBy Howard Solomon 20 Nov 20244 minsPhishingMalware how-toEDR buyer’s guide: How to pick the best endpoint detection and response solutionBy David Strom and Linda Rosencrance 19 Nov 202410 minsIntrusion Detection SoftwareSecurity Monitoring SoftwareData and Information Security featureSo, you don’t have a chief information security officer? 9 signs your company needs oneBy Christine Wong 18 Nov 202410 minsCSO and CISOHuman ResourcesSecurity Practices feature13 essential enterprise security tools — and 10 nice-to-havesBy Jaikumar Vijayan and Stephen Lawton 12 Nov 202432 minsCloud SecurityNetwork SecuritySecurity More security newsnewsGangster counseling center fears data leakThe security breach is potentially life-threatening for those affected.By Florian Maier 22 Nov 2024 2 minsData BreachSecuritynewsFBI pierces ‘anonymity’ of cryptocurrency, secret domain registrars in Scattered Spider probeWhen the US Justice Department unsealed documents on Wednesday revealing the arrests of key Scattered Spider suspects, it showed how easily they were able to cut through the gang’s anonymization efforts.By Evan Schuman 21 Nov 2024 7 minsPhishingCybercrimeSecuritynewsJob termination scam warns staff of phony Employment Tribunal decisionPhishing campaign preys on the worries of employees, says expertBy Howard Solomon 21 Nov 2024 5 minsPhishingMalwarenewsFinastra investigates breach potentially affecting top global banksAlleged theft involved 400 GB of customer and internal data presumably containing sensitive financial details.By Shweta Sharma 21 Nov 2024 3 minsData BreachSecuritynewsWeaponized pen testers are becoming a new hacker staplePopular security tools are getting abused in growing attacks as miscreants move to non-technical and brute-forcing methods.By Shweta Sharma 20 Nov 2024 4 minsMalwarePenetration TestingSecuritynewsPalo Alto Networks zero-day firewall flaws caused by basic dev mistakesAttackers are chaining two flaws in the wild to bypass authentication and escalate privileges via the PAN-OS management web interface to gain root privileges on Palo Alto Networks firewalls.By Lucian Constantin 19 Nov 2024 5 minsZero-day vulnerabilityNetwork SecurityVulnerabilitiesnewsAt Ignite, Microsoft looks to genAI, exposure managment, and new bug bounties to secure enterprise IT Microsoft is allocating $4 million to a new bug bounty program, Zero Day Quest, among other measures to enhance software security announced at its annual Ignite event.By Shweta Sharma 19 Nov 2024 4 minsGenerative AIIdentity and Access ManagementSecuritynewsFrom MFA mandates to locked-down devices, Microsoft posts a year of SFI milestones at IgniteThe Key Secure Future Initiative's November update includes compulsory MFA, device isolation, and secrets security. By Shweta Sharma 19 Nov 2024 5 minsMulti-factor AuthenticationGitHubSecuritynews analysisMusk's anticipated cost-cutting hacks could weaken American cybersecurity An Elon Musk-led initiative that aims to cut $2 trillion from the federal budget could hollow out US agencies' cybersecurity efforts, but experts say it won't be quick or easy.By Cynthia Brumfield 18 Nov 2024 9 minsCSO and CISOGovernment ITTechnology IndustrynewsMisconfigurations can cause many Microsoft Power Pages sites to expose sensitive data Organizations that develop websites with Microsoft Power Pages can accidentally overprovision database privileges for authenticated or anonymous users, leading to the exposure of sensitive records, a researcher has found.By Lucian Constantin 15 Nov 2024 7 minsWeb DevelopmentApplication SecuritySecurity PracticesnewsCISOs who delayed patching Palo Alto vulnerabilities now face real threat CISA said it has evidence of active exploitation for two out of six Expedition vulnerabilities Palo Alto Networks patched in October.By Shweta Sharma 15 Nov 2024 3 minsVulnerabilitiesSecurityfeatureSecurity awareness training: Topics, best practices, costs, free optionsSecurity awareness training helps develop an information security mindset in your workforce, equipping employees with the knowledge to be your organization’s first line of cyber defense.By Josh Fruhlinger 15 Nov 2024 9 minsPhishingIT TrainingData and Information Security Show more Show less Explore a topic Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security View all topics All topics Close Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security Privacy Risk Management Security Security Infrastructure Software Development Vulnerabilities Spotlight: AI in EnterpriseArticles * Buyer’s GuideWe showcase practical AI deployments, implementation strategies, and real-world considerations such as for data management and AI governance that IT and business leaders alike should know before plunging into AI. View all Popular topicsGenerative AI opinionImplementing zero trust in AI and LLM architectures: A practitioner’s guide to secure and responsible AI systemsBy Vaibhav Malik 14 Nov 2024 8 minsZero TrustGenerative AI newsSecuriti to help businesses build secure, compliant Gen AI with a new toolBy Shweta Sharma 29 Oct 2024 3 minsGenerative AISecurity SoftwareSecurity newsCISOs have to get on top of AI technologies, warns MicrosoftBy Howard Solomon 24 Oct 2024 9 minsCSO and CISOGenerative AI View topic Cybercrime newsFive-country attack on cybercrooks welcomed by security expertBy Howard Solomon 06 Nov 2024 6 minsCybercrimeLegal feature10 ways hackers will use machine learning to launch attacksBy Maria Korolov 05 Nov 2024 11 minsHackingMachine LearningCybercrime news analysisNation state actors increasingly hide behind cybercriminal tactics and malwareBy Lucian Constantin 01 Nov 2024 8 minsAdvanced Persistent ThreatsCyberattacksThreat and Vulnerability Management View topic Careers featureSecurity associations CISOs should know aboutBy Rosalyn Page 06 Nov 2024 9 minsCSO and CISOCareersIT Leadership news24% of CISOs actively looking to leave their jobsBy Evan Schuman 05 Nov 2024 3 minsCSO and CISOCareers opinionThe rise of the vCISO: From niche to necessity?By Dr. Mark Shmulevich 31 Oct 2024 6 minsCareersIT LeadershipSecurity View topic IT Leadership opinionThe CISO paradox: With great responsibility comes little or no powerBy Tyler Farrar 13 Nov 2024 6 minsCSO and CISOIT GovernanceSecurity Practices how-toDownload the AI in the Enterprise (for Real) SpotlightBy CIO.com and InfoWorld contributors 01 Nov 2024 1 minMachine LearningIT GovernanceIT Leadership featureSecurity priorities emphasize CISO role on the riseBy Esther Shein 23 Oct 2024 9 minsCSO and CISOIT StrategyIT Leadership View topic In depth featureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada Fiscutean27 Mar 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.0 episodeData and Information Security Ep. 03 Episode 3: The Zero Trust Model 25 Mar 202115 mins Multi-factor AuthenticationCSO and CISORemote Work Ep. 04 Episode 4: Reduce SOC burnout 29 Mar 202115 mins CSO and CISOPhishingRemote Work Show me moreLatestArticlesPodcastsVideos feature CSO30 ASEAN 2024: The top 30 cybersecurity leaders in Southeast Asia and Hong Kong By CSO Events 20 Nov 20244 mins IT LeadershipSecurity brandpost Sponsored by Microsoft Security Overcome fragmented cloud security operations with unified XDR and SIEM By Mike Andrews, Director of Specialist Management, Cybersecurity Global Black Belt, Microsoft and Trevor Stuart, Senior Cybersecurity Global Black Belt II, Microsoft 14 Nov 20244 mins Cloud Security news US says China conducted massive espionage through breached telcos By Shweta Sharma 14 Nov 20243 mins Hacker Groups podcast CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe 07 Aug 202417 mins CSO and CISO podcast CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi) 17 Jul 202417 mins CSO and CISO podcast CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands 08 Jul 202418 mins CSO and CISO video CSO Executive Sessions: Open Source Institute’s Eric Nguyen on supply chain risks to critical infrastructure (Part 2) 14 Nov 202415 mins Critical InfrastructureIT GovernanceSupply Chain video CSO Executive Sessions: Open Source Institute’s Eric Nguyen on supply chain risks to critical infrastructure (Part 1) 04 Nov 202419 mins Supply ChainCritical InfrastructureSecurity video CSO Executive Sessions: Standard Chartered’s Alvaro Garrido on cybersecurity in the financial services industry 23 Oct 202410 mins Financial Services IndustrySecurity