certification woman on laptop programmer devops data scientist by picjumbo

Backslash AppSec solution targets toxic code flows, threat model automation

New cloud-native solution aims to address time-consuming, manual methods for discovering and mapping application code security risks.

virus chatbot chatcpgt security binary code cybersecurity infosec information data leak

Sharing sensitive business data with ChatGPT could be risky

ChatGPT and similar large language models learn from the data you put in — and there are big risks in sharing sensitive business information with AI chatbots.

Palo Alto Networks

Ping Identity debuts decentralized access management system in early access

A new decentralized identity management system from Ping Identity promises fewer headaches and more robust security.


CSO  >  Microsoft Office  >  Patches + updates

As critical Microsoft vulnerabilities drop, attackers may adopt new techniques

As critical Microsoft software vulnerabilities decline, attackers will need to chain together less severe exploits to achieve code execution, elevate system privilege levels, and move around victim networks.

Palo Alto Networks

Developed countries lag emerging markets in cybersecurity readiness

Organizations in Asia-Pacific countries including Indonesia, the Philippines, Thailand, and India are generally more prepared for cyberattacks than their peers in more economically developed nations, according to a new Cisco report....

1887170134 attack surface programming abstract

9 attack surface discovery and management tools

The main goal of cyber asset attack surface management tools is to protect information about a company’s security measures from attackers. Here are 9 tools to consider when deciding what is best for the business.

Two developers collaborate on a project as they review code on a display in their workspace.

ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises

ForgeRock is adding Enterprise Connect Passwordless to its Identity Platform to provide no-code and low-code approaches for enterprises to add passwordless authentication to their IT infrastructure.

A magnifying lens exposes an exploit amid binary code.

CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws

The CISA pilot program will notify organizations of vulnerabilities that can lead to ransomware attacks, with small organizations the primary beneficiaries.


BianLian ransomware group shifts focus to extortion

The shift in the operating model comes as a result of Avast’s release of a decryption tool that allowed a victim of the BianLian ransomware gang to decrypt and recover their files without paying the ransom.

email popup warning window phishing cybersecurity security

7 guidelines for identifying and mitigating AI-enabled phishing campaigns

Phishing has always been a thorn in the side of enterprise cybersecurity, and recent AI developments such as ChatGPT are making things even worse. Here are some guidelines for dealing with the increasingly sophisticated phishing...


hand at keyboard with Windows logo

Two Patch Tuesday flaws you should fix right now

Vulnerabilities affecting both Outlook for Windows and Microsoft SmartScreen were patched recently — both could have wide-ranging impact.

iot security startups hot highlights planets rocket lock security

Cybersecurity startups to watch for in 2023

These startups are jumping in where most established security vendors have yet to go.

tiktok logo small

UK bans TikTok on government devices over data security fears

The UK has joined international partners in banning social media app TikTok from government electronic devices over concerns the Chinese-owned app could pose a security risk.

traders stock securities security office charts data analyses investing

When and how to report a breach to the SEC

Publicly traded companies will have to make decisions and prepare for the reporting of cybersecurity breaches to the Securities and Exchange Commission when new requirements are enacted.

shutterstock 1858812901 red team cyberspace red background

Why red team exercises for AI should be on a CISO's radar

As AI increasingly becomes part of systems under development, CISOs need to start considering the cyber risks that may originate from such systems and treat it like any traditional application, including running red team exercises.