featureSecurity-FinOps collaboration can reap hidden cloud benefits: 11 tipsIn the cloud, financial efficiency and robust security are two key priorities. Breaking down silos between FinOps and cyber teams can provide synergies hidden in plain sight.By Will Kelly29 Nov 20249 minsCloud SecuritySecurity feature How not to hire a North Korean IT spyBy John Leyden28 Nov 20249 minsIT Leadershipopinion Cybersecurity’s oversimplification problem: Seeing AI as a replacement for human agency By Christopher Whyte27 Nov 20248 minsCSO and CISOSecurity PracticesSecurity featureThe CSO guide to top security conferencesBy CSO Staff 29 Nov 20245 minsTechnology IndustryIT SkillsEvents newsRussian APT RomCom combines Firefox and Windows zero-day flaws in drive-by exploitBy Lucian Constantin 27 Nov 20244 minsInternet SecurityThreat and Vulnerability ManagementSecurity Practices newsA US soldier is suspected of being behind the massive Snowflake data leakBy Shweta Sharma 27 Nov 20244 minsHacking how-to9 VPN alternatives for securing remote network accessBy Michael Hill and Tim Ferrill 26 Nov 202416 minsRemote Access SecurityNetwork Security featureTop challenges holding back CISOs' agendasBy Andrada Fiscutean 25 Nov 20249 minsCSO and CISORegulationIT Skills feature17 hottest IT security certs for higher pay todayBy Eric Frank 22 Nov 202417 minsCertificationsIT SkillsCareers More security newsnewsPopular game script spoofed to infect thousands of game developersThe malware loader, GodLoader, uses crafted Godot GDScript to run malicious codes and load known malware.By Shweta Sharma 29 Nov 2024 3 minsMalwareSecuritynewsBug causes Cloudflare to lose customer logs An outage affecting most users of Cloudflare Logs lost more than half of the logs normally sent to customers.By Lynn Greiner 27 Nov 2024 3 minsData and Information SecuritynewsQNAP fixes critical security holes in its networking solutionsThe critical flaws impacting QNAP’s NAS and QuRouter solutions could allow remote attackers to execute arbitrary commands on compromised systems.By Shweta Sharma 26 Nov 2024 3 minsVulnerabilitiesSecuritynewsStarbucks operations hit after ransomware attack on supply chain software vendorBlue Yonder, a supply chain software provider for Starbucks and other retailers, confirmed service disruptions caused by a ransomware attack.By Prasanth Aby Thomas 26 Nov 2024 3 minsRansomwareSupply ChainSecuritynewsAustralia’s first Cyber Security Act passes parliamentAfter a year of consultation, discussions and amendments, the Cyber Security Act which requires certain businesses to report ransom payments has passed by the parliament.By Samira Sarraf 25 Nov 2024 4 minsRegulationRansomwareCybercrimenews analysisWhat the cyber community should expect from the Trump transitionDespite anxiety over how the new administration might impact the cybersecurity status quo, experts say the nonpartisan nature of cyber policy means radical transformation is unlikely.By Cynthia Brumfield 25 Nov 2024 7 minsCSO and CISOGovernment ITGovernmentnewsGangster counseling center fears data leakThe security breach is potentially life-threatening for those affected.By Florian Maier 22 Nov 2024 2 minsData BreachSecuritynewsFBI pierces ‘anonymity’ of cryptocurrency, secret domain registrars in Scattered Spider probeWhen the US Justice Department unsealed documents on Wednesday revealing the arrests of key Scattered Spider suspects, it showed how easily they were able to cut through the gang’s anonymization efforts.By Evan Schuman 21 Nov 2024 7 minsPhishingCybercrimeSecuritynews analysisRising ClickFix malware distribution trick puts PowerShell IT policies on noticeIT teams should revisit PowerShell restrictions as an increasingly used click-and-fix technique has users self-serving fake system issues by invoking malicious PowerShell scripts themselves, reducing suspicion.By Lucian Constantin 21 Nov 2024 6 minsPhishingMalwareSocial EngineeringnewsJob termination scam warns staff of phony Employment Tribunal decisionPhishing campaign preys on the worries of employees, says expertBy Howard Solomon 21 Nov 2024 5 minsPhishingMalwarenewsFinastra investigates breach potentially affecting top global banksAlleged theft involved 400 GB of customer and internal data presumably containing sensitive financial details.By Shweta Sharma 21 Nov 2024 3 minsData BreachSecuritynewsNorth Korean fake IT workers up the ante in targeting tech firmsNorth Korean groups are now leveraging deepfake technologies when trying to scam companies into hiring fake IT workers, while adding exfiltration and extortion to their campaigns.By John Leyden 21 Nov 2024 5 minsSecurity Show more Show less Explore a topic Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security View all topics All topics Close Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security Privacy Risk Management Security Security Infrastructure Software Development Vulnerabilities Spotlight: AI in EnterpriseArticles * Buyer’s GuideWe showcase practical AI deployments, implementation strategies, and real-world considerations such as for data management and AI governance that IT and business leaders alike should know before plunging into AI. View all Popular topicsGenerative AI newsAt Ignite, Microsoft looks to genAI, exposure managment, and new bug bounties to secure enterprise ITBy Shweta Sharma 19 Nov 2024 4 minsGenerative AIIdentity and Access ManagementSecurity opinionImplementing zero trust in AI and LLM architectures: A practitioner’s guide to secure and responsible AI systemsBy Vaibhav Malik 14 Nov 2024 8 minsZero TrustGenerative AI newsSecuriti to help businesses build secure, compliant Gen AI with a new toolBy Shweta Sharma 29 Oct 2024 3 minsGenerative AISecurity SoftwareSecurity View topic Cybercrime newsFive-country attack on cybercrooks welcomed by security expertBy Howard Solomon 06 Nov 2024 6 minsCybercrimeLegal feature10 ways hackers will use machine learning to launch attacksBy Maria Korolov 05 Nov 2024 11 minsHackingMachine LearningCybercrime news analysisNation state actors increasingly hide behind cybercriminal tactics and malwareBy Lucian Constantin 01 Nov 2024 8 minsAdvanced Persistent ThreatsCyberattacksThreat and Vulnerability Management View topic Careers featureSecurity associations CISOs should know aboutBy Rosalyn Page 06 Nov 2024 9 minsCSO and CISOCareersIT Leadership news24% of CISOs actively looking to leave their jobsBy Evan Schuman 05 Nov 2024 3 minsCSO and CISOCareers opinionThe rise of the vCISO: From niche to necessity?By Dr. Mark Shmulevich 31 Oct 2024 6 minsCareersIT LeadershipSecurity View topic IT Leadership featureWhat CISOs need to know about the SEC’s breach disclosure rulesBy John Leyden 21 Nov 2024 7 minsCSO and CISORegulationGovernment news analysisMusk’s anticipated cost-cutting hacks could weaken American cybersecurityBy Cynthia Brumfield 18 Nov 2024 9 minsCSO and CISOGovernment ITTechnology Industry featureSo, you don’t have a chief information security officer? 9 signs your company needs oneBy Christine Wong 18 Nov 2024 10 minsCSO and CISOHuman ResourcesSecurity Practices View topic In depth featureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada Fiscutean27 Mar 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.0 episodeData and Information Security Ep. 03 Episode 3: The Zero Trust Model 25 Mar 202115 mins Multi-factor AuthenticationCSO and CISORemote Work Ep. 04 Episode 4: Reduce SOC burnout 29 Mar 202115 mins CSO and CISOPhishingRemote Work Show me moreLatestArticlesPodcastsVideos news Act fast to snuff out employee curiosity over 'free' AI apps By Howard Solomon 20 Nov 20244 mins PhishingMalware feature CSO30 ASEAN 2024: The top 30 cybersecurity leaders in Southeast Asia and Hong Kong By CSO Events 20 Nov 20244 mins IT LeadershipSecurity news Weaponized pen testers are becoming a new hacker staple By Shweta Sharma 20 Nov 20244 mins MalwarePenetration TestingSecurity podcast CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe 07 Aug 202417 mins CSO and CISO podcast CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi) 17 Jul 202417 mins CSO and CISO podcast CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands 08 Jul 202418 mins CSO and CISO video CSO Executive Sessions: Open Source Institute’s Eric Nguyen on supply chain risks to critical infrastructure (Part 2) 14 Nov 202415 mins Critical InfrastructureIT GovernanceSupply Chain video CSO Executive Sessions: Open Source Institute’s Eric Nguyen on supply chain risks to critical infrastructure (Part 1) 04 Nov 202419 mins Supply ChainCritical InfrastructureSecurity video CSO Executive Sessions: Standard Chartered’s Alvaro Garrido on cybersecurity in the financial services industry 23 Oct 202410 mins Financial Services IndustrySecurity