featureDeepfakes: Coming soon to a company near youAI-powered deepfake technology is rapidly advancing, and it’s only a matter of time before cybercriminals find a business model they can use, some security experts say.By Grant GrossJun 14, 20248 minsPhishingCybercrime feature Mastering the tabletop: 3 cyberattack scenarios to prime your responseBy Chris HughesJun 13, 202412 minsRansomwareThreat and Vulnerability ManagementSecurity Practicesfeature 8 critical lessons from the Change Healthcare ransomware catastropheBy John LeydenJun 12, 202411 minsMulti-factor AuthenticationCSO and CISORansomware newsMicrosoft president faces tough questions from Congress on China, securityBy John Leyden Jun 14, 20244 minsEmail SecurityCloud SecuritySecurity newsNew CISO appointments 2024By CSO Staff Jun 14, 202417 minsCSO and CISOIT JobsIT Governance news11 times the US government got hacked in 2023By Shweta Sharma Jun 13, 20247 minsGovernment ITData BreachCyberattacks opinionA CISO game plan for cloud securityBy David Linthicum Jun 13, 20241 minCloud Security opinionThe pressure on CISOs is real: fixing the hiring process would helpBy Christopher Burgess Jun 12, 20246 minsCSO and CISOHuman ResourcesIT Skills featureThe risks in mergers and acquisitions CISOs need to knowBy Aimee Chanthadavong Jun 11, 20248 minsCyberattacksMergers and AcquisitionsRisk Management More security newsfeatureWhat is Tor Browser? Software for protecting your identity onlineTor Browser offers the best anonymous web browsing available today, and researchers are hard at work improving Tor’s anonymity properties.By J.M. Porup Jun 14, 2024 12 minsInternetPrivacySecuritynewsHow shadow IT and obsolete software menace enterprise infrastructureWith 6% of IT assets at end of life, and almost one-third improperly managed, unpatched vulnerabilities are legion. By John Leyden Jun 13, 2024 4 minsPatch Management SoftwareThreat and Vulnerability ManagementnewsPure Storage says it was breached as Snowflake victim count continues to grow Attackers gained access to customer support telemetry but not customer arrays, company says.By John E. Dunn Jun 12, 2024 5 minsMulti-factor AuthenticationData BreachVulnerabilitiesnewsMicrosoft fixes dangerous zero-click Outlook remote code execution exploitThe vulnerability is particularly hazardous as it affects Outlook’s Preview Pane once an email has been opened.By Lucian Constantin Jun 12, 2024 3 minsWindows SecurityVulnerabilitiesnewsCriminals, too, see productivity gains from AIA new study looks at how criminals are using AI to further their goals. Bottom line: It’s disturbing.By Lynn Greiner Jun 12, 2024 6 minsGenerative AIThreat and Vulnerability ManagementnewsIT downtime cuts enterprise profit by 9%, says studyCIOs and CSOs would save large enterprises $200 million a year if they could eliminate downtime — and should budget more for dealing with ransomware, according to research by Splunk.By Shweta Sharma Jun 11, 2024 1 minRansomwareSecuritynewsCISOs may be too reliant on EDR/XDR defensesA global survey of cyberthreats highlighted how attackers are increasingly evading EDR systems to deliver their attacks. By Evan Schuman Jun 11, 2024 4 minsAdvanced Persistent ThreatsIntrusion Detection SoftwareEndpoint ProtectionnewsMFA soon compulsory for AWS users, passwordless authentication an optionAWS account holders can now use FIDO2 passkeys as an authentication method.By Shweta Sharma Jun 11, 2024 4 minsMulti-factor AuthenticationnewsFortinet grabs cloud security player LaceworkFortinet will integrate Lacework's technology across its secure access service edge (SASE) and Security Fabric packages.By Michael Cooney Jun 11, 2024 1 minCloud SecuritynewsNetskope secures SaaS apps with genAIEnhancements to Netskope’s cloud access security broker (CASB) module aim to secure the use of genAI and SaaS applications.By Denise Dubie Jun 11, 2024 1 minNetwork SecurityfeatureCertified Ethical Hacker (CEH): Certification cost, training, and valueCertified Ethical Hacker (CEH) is an early-career certification for security pros interested in assessing target systems using techniques often associated with hackers to help identify vulnerabilities for employers or clients. Learn how it will impact your job and salary and how to decide if this cert is right for you.By Josh Fruhlinger Jun 11, 2024 9 minsCertificationsPenetration TestingCareersnewsCritical PyTorch flaw puts sensitive AI data at riskResearchers have discovered a critical flaw in PyTorch’s distributed RPC system, allowing attackers to execute arbitrary commands on the OS and steal AI training data.By Lucian Constantin Jun 10, 2024 3 minsPyTorchVulnerabilities Show more Show less Explore a topic Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security View all topics All topics Close Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security Privacy Risk Management Security Security Infrastructure Software Development Vulnerabilities Popular topicsGenerative AI newsComplaints in EU challenge Meta’s plans to utilize personal data for AIBy Prasanth Aby Thomas Jun 06, 2024 4 minsRegulationData PrivacyGenerative AI featureUnauthorized AI is eating your company data, thanks to your employeesBy Grant Gross Jun 05, 2024 7 minsData PrivacyGenerative AIIT Governance newsBug in EmbedAI can allow poisoned data to sneak into your LLMsBy Shweta Sharma May 31, 2024 3 minsGenerative AIVulnerabilities View topic Cybercrime brandpostSponsored by CyberArkThe growing threat of identity-related cyberattacks: Insights into the threat landscapeBy Brandon Traffanstedt, senior director in CyberArk’s Field Technology Office Jun 14, 2024 6 minsCybercrime newsMicrosoft: The brand attackers love to imitateBy Martin Bayer Jun 03, 2024 3 minsPhishingEmail SecurityCybercrime news‘Operation Endgame’ deals major blow to malware distribution botnetsBy Lucian Constantin May 30, 2024 4 minsBotnetsMalwareCybercrime View topic Careers featureCISM certification: Requirements, training, exam, and costBy Josh Fruhlinger Jun 04, 2024 9 minsCertificationsCareersSecurity featureThe CSO guide to top security conferencesBy CSO Staff May 31, 2024 12 minsTechnology IndustryIT SkillsEvents featureCISSP certification: Requirements, training, exam, and costBy Josh Fruhlinger and CSO Staff May 28, 2024 10 minsCertificationsCareersSecurity View topic IT Leadership opinionThe art of saying no is a powerful tool for the CISO in the era of AIBy Clarke Rodgers May 27, 2024 5 minsCSO and CISOSecurity PracticesIT Leadership featureTop cybersecurity M&A deals for 2024By CSO Staff May 24, 2024 14 minsMergers and AcquisitionsData and Information SecurityIT Leadership opinionReducing CSO-CIO tension requires recognizing the signsBy David Gee May 22, 2024 1 minCIOCSO and CISOIT Leadership View topic Upcoming Events18/Jun in-person event FutureIT Chicago: Building the Digital Business with Cloud, AI and SecurityJun 18, 2024Chicago, IL Technology Industry 01/Jul in-person event SecureIT New York 2024Jul 01, 2024New York, NY Data and Information Security 21/Oct-23/Oct awards CSO50 Conference + AwardsOct 21, 2024Phoenix, AZ CSO and CISOCybercrimeSecurity View all events In depth featureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada FiscuteanMar 27, 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.4 episodesData and Information Security Ep. 03 Episode 3: The Zero Trust Model Mar 25, 202115 mins Multi-factor AuthenticationCSO and CISORemote Work Ep. 04 Episode 4: Reduce SOC burnout Mar 29, 202115 mins CSO and CISOPhishingRemote Work Show me moreLatestArticlesPodcastsVideos how-to Download our cloud access security broker (CASB) enterprise buyer’s guide By Neal Weinberg and David Strom Jun 13, 20241 min Access ControlCloud SecurityEnterprise Buyer’s Guides news Snowflake: No breach, just compromised credentials, say researchers By Paul Barker Jun 10, 20245 mins Data BreachCloud Security news New York Times plays down impact of source code leak By John Leyden Jun 10, 20244 mins Data BreachCloud Security podcast CSO Executive Sessions India with Hilal Lone, CISO, Razorpay Jun 11, 202429 mins CSO and CISO podcast CSO Executive Sessions: The new realities of the CISO role – whistleblowing and legal liabilities May 28, 202417 mins CSO and CISO podcast CSO Executive Sessions India with Pradipta Kumar Patro, Global CISO and Head IT Platform, KEC International May 22, 202426 mins CSO and CISO video CSO Executive Session India with Hilal Lone, CISO, Razorpay Jun 11, 202429 mins CSO and CISO video CSO Executive Sessions: The new realities of the CISO role – whistleblowing and legal liabilities May 28, 202417 mins CSO and CISO video CSO Executive Sessions India with Pradipta Kumar Patro, Global CISO and Head IT Platform, KEC International May 22, 202426 mins CSO and CISO