featureMore than a CISO: the rise of the dual-titled IT leaderThe rise of dual-title CISOs reflects the changing dynamics of the role from gatekeepers of cybersecurity to managing business risk.By Rosalyn Page10 Jul 20248 minsCSO and CISOCareersIT Leadership feature Software supply chain still dangerous despite new protectionsBy Cynthia Brumfield10 Jul 202410 minsCloud SecuritySecurity PracticesSupply Chainnews analysis MD5 attack puts RADIUS networks everywhere at riskBy Lucian Constantin09 Jul 20247 minsCyberattacksNetwork Security newsMicrosoft mandates Chinese staff to use iPhones, not AndroidBy John Leyden 09 Jul 20243 minsMulti-factor AuthenticationMobile Security featureCisco adds heft to cybersecurity push with acquisitions, new talentBy Bob Violino 09 Jul 20241 minNetwork Security newsChina’s APT40 group can exploit vulnerabilities within hours of public releaseBy Gyana Swain 09 Jul 20244 minsAdvanced Persistent ThreatsHacker GroupsVulnerabilities featureFake network traffic is on the rise — here's how to counter itBy Mary K. Pratt 09 Jul 202412 minsThreat and Vulnerability ManagementData and Information SecurityNetwork Security featureCRISC certification: Exam, requirements, training, potential salaryBy Josh Fruhlinger 09 Jul 20248 minsCertificationsIT SkillsIT Training newsOpenAI failed to report a major data breach in 2023By Gyana Swain 08 Jul 20244 minsData BreachTechnology Industry More security newsnews analysisNew Intel CPU side-channel attack Indirector can leak sensitive dataThe Indirector attack discovered by University of California San Diego researchers focuses on the indirect branch predictor of a CPU.By Lucian Constantin 05 Jul 2024 5 minsAdvanced Persistent ThreatsThreat and Vulnerability ManagementVulnerabilitiesnewsOver 35,000 Ether subscribers targeted in a campaign from crypto drainingUsers were sent phishing emails linking to a website revealed to be a crypto drainer.By Shweta Sharma 05 Jul 2024 3 minsData BreachnewsEuropol disrupts about 600 abusive Cobalt Strike serversThe coordinated operation took down 593 IP addresses, which were flagged for abuse of the legitimate pen-testing software.By Shweta Sharma 04 Jul 2024 3 minsHackingPenetration TestingnewsPasskeys aren’t attack-proof, not until properly implementedAlmost all software and IT service authentications with passkey implementation are open to AitM attacks as they provide less secure backup options.By Shweta Sharma 03 Jul 2024 4 minsMulti-factor AuthenticationnewsCisco patches actively exploited zero-day flaw in Nexus switchesThe moderate-severity vulnerability has been observed being exploited in the wild by Chinese APT Velvet Ant. By Lucian Constantin 02 Jul 2024 4 minsThreat and Vulnerability ManagementZero-day vulnerabilityNetwork Securitynews analysisUS Supreme Court ruling will likely cause cyber regulation chaosThe ruling could weaken almost all US federal cybersecurity regulations, including SEC incident reporting, FCC data breach reporting, and CISA cyber incident reporting rules. By Cynthia Brumfield 02 Jul 2024 9 minsCSO and CISORegulationGovernmentnewsCocoaPods flaws left iOS, macOS apps open to supply-chain attack Although the hole in the CocoaPods tool is now closed, developers are advised to verify there's nothing rotten in the dependencies used in their existing code.By John Leyden 02 Jul 2024 5 minsiOS SecurityMacOS SecurityDevelopment Toolsnews analysisAI agents can find and exploit known vulnerabilities, study showsIn a somewhat chilling revelation, AI agents were able to find and exploit known vulnerabilities, but only under certain conditions, which researchers say indicates they're not close to being a significant threat – yet.By Maria Korolov 02 Jul 2024 8 minsZero-day vulnerabilityGenerative AIVulnerabilitiesnewsNew campaign uses malware ‘cluster bomb’ to effect maximum impactA single infection is being used to deliver a group of similarly behaving malware using a common loader.By Shweta Sharma 02 Jul 2024 4 minsMalwarenewsOpenSSH vulnerability regreSSHion puts millions of servers at riskResearchers from Qualys say regreSSHion allows attackers to take over servers with 14 million potentially vulnerable OpenSSH instances identified.By Lucian Constantin 01 Jul 2024 5 minsInternet SecurityVulnerabilitiesnewsGoogle to allow trusted web apps to access USB devicesLocal USB devices with sensitive data are presently restricted from being accessed by web applications over security concerns.By Shweta Sharma 01 Jul 2024 3 minsAccess ControlBrowser SecuritynewsTeamViewer targeted by APT29 hackers, containment measures in placeTeamViewer says the attack targeted its corporate network, not customer data or product functionality.By Gyana Swain 28 Jun 2024 3 minsCyberattacksRemote Access Security Show more Show less Explore a topic Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security Privacy View all topics All topics Close Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security Privacy Risk Management Security Security Infrastructure Software Development Vulnerabilities Generative AI Popular topicsCybercrime featureLogic bombs explained: Definition, examples, preventionBy Josh Fruhlinger 05 Jul 2024 12 minsMalwareCybercrimeSecurity brandpostSponsored by CyberArkWhy identity security Is essential to cybersecurity strategyBy Claudio Neiva, CyberArk’s Field Technology Director (LATAM), PAM and Identity Security 24 Jun 2024 6 minsCybercrime brandpostSponsored by CyberArkUnderstanding APIs and how attackers abuse them to steal dataBy John Walsh, senior product marketing manager at CyberArk 24 Jun 2024 5 minsCybercrime View topic Careers featureTop 12 cloud security certificationsBy Eric Frank 28 Jun 2024 14 minsCertificationsIT SkillsCloud Security featureThe CSO guide to top security conferencesBy CSO Staff 28 Jun 2024 10 minsTechnology IndustryIT SkillsEvents feature6 ways the CISO role is evolving todayBy Esther Shein 25 Jun 2024 12 minsCSO and CISOCareersIT Leadership View topic IT Leadership featureIf you’re a CISO without D&O insurance, you may need to fight for itBy Linda Rosencrance 08 Jul 2024 7 minsCSO and CISOInsurance IndustryIT Leadership how-toTabletop exercise scenarios: 10 tips, 6 examplesBy Josh Fruhlinger and Sarah D. Scalet 04 Jul 2024 16 minsRansomwarePhishingDisaster Recovery featureWhat is digital executive protection and how does it work?By Deb Radcliff 26 Jun 2024 8 minsCSO and CISOCyberattacksEmployee Protection View topic Upcoming Events28/Nov conference The Official CSO Security Summit UK28 Nov 20249:00 am – 17:30Andaz London Liverpool Street CSO and CISO 28/Nov awards CSO 30 Awards UK28 Nov 202418:00 – 21:30Andaz London Liverpool Street CSO and CISO 28/Nov awards Next CSO Awards UK28 Nov 202418:30-21:30 GMTAndaz London Liverpool Street CSO and CISO View all events In depth featureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada Fiscutean27 Mar 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.4 episodesData and Information Security Ep. 03 Episode 3: The Zero Trust Model 25 Mar 202115 mins Multi-factor AuthenticationCSO and CISORemote Work Ep. 04 Episode 4: Reduce SOC burnout 29 Mar 202115 mins CSO and CISOPhishingRemote Work Show me moreLatestArticlesPodcastsVideos brandpost Sponsored by CyberArk Identity security: The keystone of trust By Claudio Neiva, CyberArk’s Security Strategic Advisor, Director (LATAM) 09 Jul 20248 mins Security opinion Legacy systems are the Achilles’ heel of critical infrastructure cybersecurity By Christopher Burgess 08 Jul 20248 mins Threat and Vulnerability ManagementCritical InfrastructureSecurity Practices feature Kaspersky software ban: CISOs must move quickly, experts say By David Strom 04 Jul 20249 mins GovernmentAnti MalwareSecurity Software podcast CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands 08 Jul 202418 mins CSO and CISO podcast CSO Executive Sessions: Data protection in Malaysia 02 Jul 202415 mins CSO and CISO podcast CSO Executive Session India with Mrinal Kanti Roy, CISO, Cairn Oil and Gas 01 Jul 202416 mins CSO and CISO video CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands 08 Jul 202418 mins CSO and CISO video CSO Executive Sessions: Data protection in Malaysia 02 Jul 202415 mins CSO and CISO video CSO Executive Session India with Mrinal Kanti Roy, CISO, Cairn Oil and Gas 01 Jul 202416 mins CSO and CISO