featureHow leading CISOs build business-critical cyber culturesThree prominent CISOs discuss what defines great cybersecurity leadership today — and how to transform the cybersecurity function into a business-driven organizational asset.By Dan RobertsAug 15, 20249 minsCSO and CISOIT Strategy opinion Cybersecurity should return to reality and ditch the hypeBy Tyler FarrarAug 14, 20246 minsCSO and CISOSecurity PracticesIT Leadershipfeature CISOs face uncharted territory in preparing for AI security risksBy Cynthia BrumfieldAug 13, 20248 minsCSO and CISOSecurity Practices newsMIT delivers database containing 700+ risks associated with AI By Paul Barker Aug 15, 20246 minsRisk Management news analysisMicrosoft Outlook security hole lets attackers in without opening a tainted messageBy Evan Schuman Aug 14, 20244 minsEmail SecurityCyberattacksVulnerabilities newsSAP patches critical bugs allowing full system compromiseBy Shweta Sharma Aug 14, 20243 minsVulnerabilities news analysisMicrosoft patches six actively exploited vulnerabilitiesBy Lucian Constantin Aug 13, 20246 minsZero-day vulnerabilityVulnerabilities featureThe cyber assault on healthcare: What the Change Healthcare breach revealsBy Mary K. Pratt Aug 12, 202412 minsData BreachRansomwareHealthcare Industry feature6 IT risk assessment frameworks comparedBy Bob Violino Aug 09, 20249 minsData and Information SecurityROI and MetricsRisk Management More security newsnewsNIST finally settles on quantum-safe crypto standardsAfter years of review, the National Institute of Standards and Technology has chosen three encryption algorithms as the basis for its post-quantum security strategy.By Maria Korolov Aug 13, 2024 7 minsEncryptionnewsMitre, Microsoft differ on how severe MS Office flaw really isSecurity analyst sides with Mitre, describes flaw as ‘fantastic win for phishing campaigns.’By Paul Barker Aug 13, 2024 4 minsVulnerabilitiesnewsFBI strikes down rumored LockBit rebootThe FBI seized over 30 servers and domains associated with the criminal group in a joint operation. By Shweta Sharma Aug 13, 2024 3 minsRansomwarenewsCompanies poorly prepared for TLS transitionThe planned shortening of the lifespan of TLS certificates to 90 days should ensure more security. However, many companies are not prepared, a survey found.By Julia Mutzbauer Aug 12, 2024 2 minsBrowser SecurityInternet SecurityopinionWhy OT cybersecurity should be every CISO's concernRe-assessing the importance of operational technology outside of critical infrastructureBy Steven Sim Aug 12, 2024 5 minsCSO and CISOSecuritynewsTrump campaign suffers sensitive data breach in alleged Iranian hackThe campaign says sources hostile to the US have hacked into its accounts to steal and compromise sensitive election data.By Shweta Sharma Aug 12, 2024 4 minsData BreachElection HackingPhishingnewsAMD addresses Sinkclose vulnerability but older processors left unattendedThe company has decided not to extend these updates to its Ryzen 1000, 2000, and 3000 series processors or its Threadripper 1000 and 2000 models.By Gyana Swain Aug 12, 2024 4 minsVulnerabilitiesnewsAMD CPUs impacted by 18-year-old SMM flaw that enables firmware implantsSecurity reseachers estimate the ‘Sinkclose’ vulnerability affects ‘hundreds of millions of laptops, desktops, and servers,’ allowing attackers to execute malicious code on the most privileged execution mode on a computer.By Lucian Constantin Aug 09, 2024 4 minsVulnerabilitiesnews analysis5 key takeaways from Black Hat USA 2024The industry’s biggest annual get together offers CISOs a chance to chart industry trends. From cloud security to AI, here’s what’s notable about this year’s ‘hacker summer camp.’By John Leyden Aug 09, 2024 5 minsBlack HatnewsExclusive: CrowdStrike eyes Action1 for $1B amid fallout from Falcon update mishapThe acquisition could help CrowdStrike improve testing and deployment of updates to avoid Falcon-like failures.By Shweta Sharma Aug 09, 2024 4 minsTechnology IndustryPatch Management SoftwareMergers and AcquisitionsnewsS3 shadow buckets leave AWS accounts open to compromiseAttackers can gain access to AWS accounts or sensitive data by creating in advance S3 storage buckets with predictable names that will be automatically used by various services and tools.By Lucian Constantin Aug 08, 2024 7 minsCloud SecurityVulnerabilitiesnewsPhishers have figured out that everyone is afraid of HRIn a report identifying the most effective and popular subject lines used by phishing attackers, HR was tops, along with “IT: Backup has failed” and “Action Required: Rejected Deposit.” Maybe subject line colons should be banned?By Evan Schuman Aug 08, 2024 3 minsEmail SecurityPhishing Show more Show less Explore a topic Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security View all topics All topics Close Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security Privacy Risk Management Security Security Infrastructure Software Development Vulnerabilities Popular topicsGenerative AI newsGenerative AI takes center stage at Black Hat USA 2024By Shweta Sharma Aug 08, 2024 6 minsBlack HatGenerative AISecurity Software newsCequence streamlines API security through fresh LLM-specific offeringsBy Shweta Sharma Aug 06, 2024 4 minsGenerative AISecurity SoftwareAPIs newsHottest selling product on the darknet: Hacked gen AI accountsBy Shweta Sharma Jul 31, 2024 3 minsIdentity TheftGenerative AI View topic Cybercrime newsRansomware attack paralyzes milking robots — cow deadBy Martin Bayer Aug 07, 2024 2 minsRansomwareAgriculture IndustryCybercrime news analysisNorth Korean group infiltrated 100-plus companies with imposter IT pros: CrowdStrike reportBy Cynthia Brumfield Aug 06, 2024 8 minsCyberattacksThreat and Vulnerability ManagementCybercrime newsWho are the two Russian convicts released in the US-Russia prisoner swap?By Shweta Sharma Aug 02, 2024 3 minsCybercrime View topic Careers featureThe CSO guide to top security conferencesBy CSO Staff Jul 31, 2024 9 minsTechnology IndustryIT SkillsEvents featureWhat savvy hiring execs look for in a CISO todayBy Evan Schuman Jul 16, 2024 10 minsCSO and CISOCareersIT Leadership featureMore than a CISO: the rise of the dual-titled IT leaderBy Rosalyn Page Jul 10, 2024 8 minsCSO and CISOCareersIT Leadership View topic IT Leadership featureBetter metrics can show how cybersecurity drives business successBy Mary K. Pratt Aug 07, 2024 9 minsCSO and CISOC-SuiteBusiness opinion5 recommendations for acing the SEC cybersecurity rulesBy Steve Durbin Aug 01, 2024 5 minsCSO and CISORegulationFinancial Services Industry feature5 critical IT policies every organization should have in placeBy Bob Violino Jul 22, 2024 7 minsInternet SecurityDisaster RecoveryIT Strategy View topic Upcoming Events24/Sep in-person event FutureIT TorontoSep 24, 2024Vantage Venues, Toronto Events 26/Sep virtual event FutureIT CanadaSep 26, 2024Virtual Event Events 08/Oct in-person event FutureIT DallasOct 08, 2024AT&T Stadium Events View all events In depth featureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada FiscuteanMar 27, 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.4 episodesData and Information Security Ep. 03 Episode 3: The Zero Trust Model Mar 25, 202115 mins Multi-factor AuthenticationCSO and CISORemote Work Ep. 04 Episode 4: Reduce SOC burnout Mar 29, 202115 mins CSO and CISOPhishingRemote Work Show me moreLatestArticlesPodcastsVideos how-to Download the network observability tools enterprise buyer’s guide By Denise Dubie Aug 13, 20241 min Network SecurityEnterprise Buyer’s Guides brandpost Sponsored by Microsoft Microsoft and NVIDIA: Partnering to protect AI workloads in Azure By Beth Stackpole Aug 12, 20244 mins Security news The top new cybersecurity products at Black Hat USA 2024 By Shweta Sharma Aug 08, 20248 mins Black HatSecurity Software podcast CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe Aug 07, 202417 mins CSO and CISO podcast CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi) Jul 17, 202417 mins CSO and CISO podcast CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands Jul 08, 202418 mins CSO and CISO video CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe Aug 07, 202417 mins RansomwareZero TrustCloud Security video CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi) Jul 17, 202417 mins CSO and CISO video Cybersecurity Insights for Tech Leaders: Addressing Dynamic Threats and AI Risks with Resilience Jul 10, 202424 mins CSO and CISO