newsKroll cyber threat landscape report: AI assists attackers AI is simplifying all sorts of tasks — and not always for the better: cybercriminals, too, are adopting it.By Lynn Greiner24 May 20244 minsThreat and Vulnerability ManagementCybercrimeVulnerabilities news analysis Windows Recall — a ‘privacy nightmare’?By Matthew Finnegan24 May 20241 minPrivacyfeature What is spear phishing? Examples, tactics, and techniquesBy Josh Fruhlinger24 May 202414 minsPhishingCyberattacksFraud news analysisEmerging ransomware groups on the rise: Who they are, how they operateBy Lucian Constantin 24 May 20246 minsRansomwareCybercrime featureTop cybersecurity M&A deals for 2024By CSO Staff 24 May 202414 minsMergers and AcquisitionsData and Information SecurityIT Leadership newsTracking manual attacks may deliver zero-day previewsBy Evan Schuman 23 May 20244 minsCyberattacksFraudCybercrime news analysisMicrosoft amps up focus on Windows 11 security to address evolving cyberthreatsBy Lynn Greiner 23 May 20247 minsWindows Security newsLockBit no longer world’s No. 1 ransomware gangBy Viktor Eriksson 23 May 20242 minsRansomwareCybercrime newsFake Pegasus spyware source code floods dark webBy Gyana Swain 23 May 20244 minsHacker GroupsMalware More security newsnewsCritical flaw found in Fluent Bit cloud services monitoring componentHyperscalers grapple with Linguistic Lumberjack vulnerability.By John Leyden 23 May 2024 4 minsCloud SecurityVulnerabilitiesnews analysisEU resilience regulation DORA has financial CISOs waiting for answersIn January 2025, a new EU regulation targeting operational resilience will enter into force impacting cyber security in the financial sector, and others as well. But many uncertainties remain. By Karin Lindström 23 May 2024 5 minsRegulationFinancial Services IndustryIncident ResponsenewsUS government could mandate quantum-resistant encryption from JulyPost-quantum encryption standards, once defined, will gradually become mandatory for government contractors.By Gyana Swain 22 May 2024 3 minsGovernment ITRegulationEncryptionnewsMicrosoft Azure’s Russinovich sheds light on key generative AI threatsGenerative AI models have a larger attack surface than many CSOs might think. Microsoft Azure’s CTO walked through some of the more significant challenges facing developers and defenders.By David Strom 22 May 2024 4 minsGenerative AIData and Information Securitynews analysisRise of zero-day exploits reshape security recommendationsResearch from Rapid7 shows a spike in zero-days contributing to quicker exploit timelines, leaving IT security teams under strain with a greater need for post-incident response. By Lucian Constantin 22 May 2024 7 minsIncident ResponseZero-day vulnerabilitySecurity Practicesnews analysisGlobal stability issues alter cyber threat landscape, ESET reportsWith conflict on the rise, regional APT groups are increasing activity, altering focus, and putting specific industries in their crosshairs. Here’s what CISOs should know.By Evan Schuman 20 May 2024 4 minsAdvanced Persistent ThreatsCyberattacksThreat and Vulnerability Managementnews analysisSEC rule for finance firms boosts disclosure requirementsAmendments to Regulation S-P requires broker-dealers, investment companies, registered investment advisers, and transfer agents to disclose incidents to customers.By Evan Schuman 17 May 2024 5 minsData BreachFinancial Services IndustryData PrivacynewsFCC proposes BGP security measuresProtecting the Border Gateway Protocol is as important as protecting the border.By Gyana Swain 17 May 2024 1 minRegulationNetwork SecuritynewsUS AI experts targeted in cyberespionage using SugarGh0st RATThreat actors use phishing techniques to obtain non-public information about generative artificial intelligence.By Lucian Constantin 16 May 2024 4 minsPhishingData and Information SecuritynewsCycode rolls out ASPM connector marketplace, analysts see it as bare minimumApplication security posture management tools need to integrate with other security tools to do their job. By Evan Schuman 16 May 2024 4 minsApplication SecuritynewsBreachForums seized by law enforcement, admin Baphomet arrested Official telegram channels operated by BreachForums members confirm law enforcement seizures and arrest. By Shweta Sharma 16 May 2024 4 minsData BreachCybercrimenews analysisMicrosoft fixes three zero-day vulnerabilities, two actively exploitedThe company’s Patch Tuesday includes fixes for flaws in Windows Desktop Window Manager, Windows MSHTML, and Visual Studio, among others, that IT security orgs should prioritize.By Lucian Constantin 15 May 2024 6 minsWindows SecurityZero-day vulnerability Show more Show less Explore a topic Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security Privacy View all topics All topics Close Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security Privacy Risk Management Security Security Infrastructure Software Development Vulnerabilities Generative AI Popular topicsCybercrime newsAdministrator of ransomware operation LockBit named, charged, has assets frozenBy Lucian Constantin 07 May 2024 3 minsAdvanced Persistent ThreatsHacker GroupsRansomware opinionWhat is the dark web? How to access it and what you’ll findBy Darren Guccione 02 Apr 2024 13 minsData BreachTechnology IndustryCybercrime newsThe US indicts 7 Chinese nationals for cyber espionageBy Sandeep Budki 26 Mar 2024 6 minsCyberattacksCybercrime View topic Careers featureAI governance and cybersecurity certifications: Are they worth it?By Maria Korolov 06 May 2024 12 minsCertificationsIT Training Careers featureThe CSO guide to top security conferencesBy CSO Staff 01 May 2024 15 minsTechnology IndustryIT SkillsEvents featureFinding the perfect match: What CISOs should ask before saying ‘yes’ to a jobBy Aimee Chanthadavong 29 Apr 2024 8 minsCSO and CISOCareers View topic IT Leadership opinionReducing CSO-CIO tension requires recognizing the signsBy David Gee 22 May 2024 1 minCIOCSO and CISOIT Leadership featureThe inside story of Cyber Command’s creationBy Cynthia Brumfield 20 May 2024 8 minsAerospace and Defense IndustryCSO and CISOMilitary featureSome strategies for CISOs freaked out by the specter of federal indictmentsBy Cynthia Brumfield 10 May 2024 7 minsCSO and CISOLegalSecurity Practices View topic Upcoming Events13/Jun conference CIO Masterclass Summit13 Jun 20249:00 AM – 17:30 PMLondon, United Kingdom CIO 28/Nov conference The Official CSO Security Summit UK28 Nov 20249:00 am – 17:30Andaz London Liverpool Street CSO and CISO 28/Nov awards CSO 30 Awards UK28 Nov 202418:00 – 21:30Andaz London Liverpool Street CSO and CISO View all events In depth featureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada Fiscutean27 Mar 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.0 episodeData and Information Security Ep. 03 Episode 3: The Zero Trust Model 25 Mar 202115 mins Multi-factor AuthenticationCSO and CISORemote Work Ep. 04 Episode 4: Reduce SOC burnout 29 Mar 202115 mins CSO and CISOPhishingRemote Work Show me moreLatestArticlesPodcastsVideos brandpost Sponsored by Microsoft Security Building an AI strategy for the modern SOC By Microsoft Security 23 May 20245 mins Security feature Hijack of monitoring devices highlights cyber threat to solar power infrastructure By Cynthia Brumfield 23 May 20249 mins Energy IndustryUtilities IndustryCritical Infrastructure brandpost Sponsored by Cyber NewsWire Memcyco Report Reveals Only 6% Of Brands Can Protect Their Customers From Digital Impersonation Fraud By Cyber NewsWire – Paid Press Release 23 May 20244 mins CyberattacksSecurity podcast CSO Executive Sessions India with Pradipta Kumar Patro, Global CISO and Head IT Platform, KEC International 22 May 202426 mins CSO and CISO podcast CSO Executive Sessions: The personality of cybersecurity leaders 29 Apr 202419 mins CSO and CISO podcast CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care 02 Apr 202416 mins CSO and CISO video CSO Executive Sessions India with Pradipta Kumar Patro, Global CISO and Head IT Platform, KEC International 22 May 202426 mins CSO and CISO video CSO Executive Sessions: The personality of cybersecurity leaders 29 Apr 202419 mins CSO and CISO video CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care 01 Apr 202416 mins CSO and CISO