feature2024 Olympics put cybersecurity teams on high alertEscalating cyberthreats, hacktivism, and cyber espionage suggest the Paris Games may present the greatest cybersecurity risk ever. Here’s what to look out for and how to prep.By Christine WongJul 29, 20249 minsCyberattacksIncident ResponseData and Information Security opinion What CISOs can do to bridge their cyber talent gapBy David GeeJul 26, 20247 minsIT SkillsIT Training feature How attackers evade your EDR/XDR system — and what you can do about itBy Matt HandJul 25, 20249 minsAdvanced Persistent ThreatsEndpoint Protection opinionCrowdStrike debacle underscores importance of having a planBy Christopher Burgess Jul 29, 20246 minsIncident ResponseTechnology Industry newsVMware ESXi hypervisor vulnerability grants full admin privilegesBy Lynn Greiner Jul 29, 20244 minsVulnerabilities newsMicrosoft shifts focus to kernel-level security after CrowdStrike incidentBy Gyana Swain Jul 29, 20244 minsWindows Security newsCrowdStrike was not the only security vendor vulnerable to hasty testingBy Shweta Sharma Jul 29, 20244 minsApp TestingVulnerabilities news analysisSecure Boot no more? Leaked key, faulty practices put 900 PC/server models in jeopardyBy Lucian Constantin Jul 26, 20247 minsVulnerabilities newsDocker re-fixes a critical authorization bypass vulnerabilityBy Shweta Sharma Jul 25, 20243 minsOpen SourceVulnerabilities More security newsnewsNIST releases new tool to check AI models’ securityDioptra — an open source software package — allows developers to determine what type of attacks would make the model perform less effectively.By Anirban Ghoshal Jul 29, 2024 1 minGenerative AInewsCounting the cost of CrowdStrike: the bug that bit billionsCyber insurance coverage is set to cover only a fraction of the losses, leaving affected businesses to grapple with substantial uncovered expenses.By Shweta Sharma Jul 26, 2024 1 minBusiness ContinuityEndpoint ProtectionfeatureDNSSEC explained: Why you might want to implement it on your domainThe Domain Name System Security Extensions provides cryptographic authentication to prevent redirection to rogue websites, but owners of many domains have yet to adopt it.By Lucian Constantin Jul 26, 2024 13 minsEncryptionInternet SecuritySecurityopinionProject 2025 could escalate US cybersecurity risks, endanger more AmericansThe conservative think tank blueprint for how Donald Trump should govern the US if he wins in November calls for dismantling CISA, among many cyber-related measures. Experts say this would increase cybersecurity risks, undermine critical infrastructure, and put more Americans in danger.By Cynthia Brumfield Jul 25, 2024 10 minsGovernment ITGovernmentIT Governance FrameworksnewsMicrosoft Defender SmartScreen bug actively used in stealer campaignThe vulnerability is being used by threat actors to spread multiple LNK files to download stealer payloads. By Shweta Sharma Jul 24, 2024 3 minsMalwareVulnerabilitiesnewsCrowdStrike blames it testing shortcomings for Windows meltdownCustomers will be given more control over when and where content is downloaded to reduce the risk of similar incidents in future.By John Leyden Jul 24, 2024 5 minsIncident ResponseEndpoint ProtectionSecuritynewsHackers leak documents stolen from Pentagon contractor LeidosLeidos serves prominent clients including the US Department of Defense (DOD), the Department of Homeland Security (DHS), NASA, and various other US and foreign agencies.By Gyana Swain Jul 24, 2024 3 minsData BreachopinionCrowdStrike meltdown highlights IT’s weakest link: Too much administrationCrowdStrike, Windows domain administration, SolarWinds — our implicit trust in admin software is a recipe for repeated disasters.By Andy Ellis Jul 24, 2024 5 minsZero TrustTechnology IndustryIT StrategyfeatureCountdown to DORA: How CISOs can prepare for EU's newv Act The EU regulation meant to strengthen financial organizations' resilience to cyberattacks, will apply starting 17 January 2025, and it’s CISOs’ responsibility to make sure their organizations are compliant with the new regulation.By Andrada Fiscutean Jul 24, 2024 11 minsRegulationFinancial Services IndustryRisk ManagementnewsPort shadow: Yet another VPN weakness ripe for exploitSharing connection information could be a problem among users of the same VPN server without proper protection, researchers have found. Corporate VPN servers in particular are vulnerable to the flaw.By David Strom Jul 24, 2024 5 minsInternet SecurityNetwork Securitynews analysisICS malware FrostyGoop disrupted heating in Ukraine, remains threat to OT worldwideThe malware leverages Modbus TCP communications to target operational technology assets — and can easily be repurposed to compromise other industrial controllers, putting widespread critical infrastructure at risk.By Lucian Constantin Jul 23, 2024 5 minsMalwareCritical InfrastructureNetwork SecurityfeatureCrowdStrike failure: What you need to knowA flawed update to CrowdStrike Falcon sent Windows servers and PCs across the globe into an endless reboot cycle that IT organizations are still working to remediate.By CIO staff Jul 23, 2024 7 minsTechnology IndustryIncident ResponseBusiness Continuity Show more Show less Explore a topic Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security View all topics All topics Close Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security Privacy Risk Management Security Security Infrastructure Software Development Vulnerabilities Popular topicsGenerative AI news analysisAI agents can find and exploit known vulnerabilities, study showsBy Maria Korolov Jul 02, 2024 8 minsZero-day vulnerabilityGenerative AIVulnerabilities newsMicrosoft warns of ‘Skeleton Key’ jailbreak affecting many generative AI modelsBy Shweta Sharma Jun 27, 2024 4 minsGenerative AIVulnerabilities newsMeta delays launch of Meta AI in Europe over disagreement with regulatorsBy Lynn Greiner Jun 17, 2024 3 minsRegulationData PrivacyGenerative AI View topic Cybercrime featureHow cybercriminals recruit insiders for malicious actsBy Dov Lerner Jul 16, 2024 17 minsCybercrime featureLogic bombs explained: Definition, examples, preventionBy Josh Fruhlinger Jul 05, 2024 12 minsMalwareCybercrimeSecurity brandpostSponsored by CyberArkWhy identity security Is essential to cybersecurity strategyBy Claudio Neiva, CyberArk’s Field Technology Director (LATAM), PAM and Identity Security Jun 24, 2024 6 minsCybercrime View topic Careers featureWhat savvy hiring execs look for in a CISO todayBy Evan Schuman Jul 16, 2024 10 minsCSO and CISOCareersIT Leadership featureMore than a CISO: the rise of the dual-titled IT leaderBy Rosalyn Page Jul 10, 2024 8 minsCSO and CISOCareersIT Leadership featureCRISC certification: Exam, requirements, training, potential salaryBy Josh Fruhlinger Jul 09, 2024 8 minsCertificationsIT SkillsIT Training View topic IT Leadership feature5 critical IT policies every organization should have in placeBy Bob Violino Jul 22, 2024 7 minsInternet SecurityDisaster RecoveryIT Strategy featureInternships can be a gold mine for cybersecurity hiringBy Christine Wong Jul 22, 2024 9 minsCSO and CISOMentoringHuman Resources featureIf you’re a CISO without D&O insurance, you may need to fight for itBy Linda Rosencrance Jul 08, 2024 7 minsCSO and CISOInsurance IndustryIT Leadership View topic Upcoming Events05/Aug-07/Aug in-person event CIO 100 Symposium & AwardsAug 05, 2024The Broadmoor, Colorado Springs, CO IDG Events 24/Sep in-person event FutureIT TorontoSep 24, 2024Vantage Venues, Toronto Events 26/Sep virtual event FutureIT CanadaSep 26, 2024Virtual Event Events View all events In depth featureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada FiscuteanMar 27, 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.0 episodeData and Information Security Ep. 03 Episode 3: The Zero Trust Model Mar 25, 202115 mins Multi-factor AuthenticationCSO and CISORemote Work Ep. 04 Episode 4: Reduce SOC burnout Mar 29, 202115 mins CSO and CISOPhishingRemote Work Show me moreLatestArticlesPodcastsVideos news PM names new cybersecurity minister By Samira Sarraf Jul 28, 20242 mins CyberattacksGovernment how-to Download the unified endpoint management (UEM) platform enterprise buyer’s guide By Bob Violino Jul 26, 20241 min Mobile SecurityEndpoint ProtectionEnterprise Buyer’s Guides news Google abandons plans to drop third-party cookies in Chrome By Shweta Sharma Jul 23, 20241 min Browser Security podcast CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi) Jul 17, 202417 mins CSO and CISO podcast CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands Jul 08, 202418 mins CSO and CISO podcast CSO Executive Sessions: Data protection in Malaysia Jul 02, 202415 mins CSO and CISO video CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi) Jul 17, 202417 mins CSO and CISO video Cybersecurity Insights for Tech Leaders: Addressing Dynamic Threats and AI Risks with Resilience Jul 10, 202424 mins CSO and CISO video CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands Jul 08, 202418 mins CSO and CISO