feature: Countdown to DORA: How CISOs can prepare for EU's new Act. The EU regulation meant to strengthen financial organizations' resilience to cyberattacks will apply starting 17 January 2025, and it’s CISOs’ responsibility to make sure their organizations are compliant with the new regulation. By Andrada Fiscutean, Jul 24, 2024, 11 mins. Topics: Regulation, Financial Services Industry, Risk Management
feature: NHIs may be your biggest — and most neglected — security hole. By Evan Schuman, Jul 23, 2024, 9 mins. Topics: Application Security, Identity and Access Management, Network Security
feature: CrowdStrike failure: What you need to know. By CIO staff, Jul 23, 2024, 7 mins. Topics: Technology Industry, Incident Response, Business Continuity
opinion: CrowdStrike meltdown highlights IT’s weakest link: Too much administration. By Andy Ellis, Jul 24, 2024, 5 mins. Topics: Zero Trust, Technology Industry, IT Strategy
news: Port shadow: Yet another VPN weakness ripe for exploit. By David Strom, Jul 24, 2024, 5 mins. Topics: Internet Security, Network Security
news analysis: ICS malware FrostyGoop disrupted heating in Ukraine, remains threat to OT worldwide. By Lucian Constantin, Jul 23, 2024, 5 mins. Topics: Malware, Critical Infrastructure, Network Security
opinion: Early IT takeaways from the CrowdStrike outage. By Susan Bradley, Jul 23, 2024, 8 mins. Topics: Incident Response, IT Strategy
feature: 5 critical IT policies every organization should have in place. By Bob Violino, Jul 22, 2024, 7 mins. Topics: Internet Security, Disaster Recovery, IT Strategy
feature: Internships can be a gold mine for cybersecurity hiring. By Christine Wong, Jul 22, 2024, 9 mins. Topics: CSO and CISO, Mentoring, Human Resources

More security news

news: Microsoft Defender SmartScreen bug actively used in stealer campaign. The vulnerability is being used by threat actors to spread multiple LNK files to download stealer payloads. By Shweta Sharma, Jul 24, 2024, 3 mins. Topics: Malware, Vulnerabilities
news: CrowdStrike blames it testing shortcomings for Windows meltdown. Customers will be given more control over when and where content is downloaded to reduce the risk of similar incidents in future. By John Leyden, Jul 24, 2024, 5 mins. Topics: Incident Response, Endpoint Protection, Security
news: Hackers leak documents stolen from Pentagon contractor Leidos. Leidos serves prominent clients including the US Department of Defense (DOD), the Department of Homeland Security (DHS), NASA, and various other US and foreign agencies. By Gyana Swain, Jul 24, 2024, 3 mins. Topics: Data Breach
news: Google abandons plans to drop third-party cookies in Chrome. Chrome will now allow users to either experience web browsing within the Privacy Sandbox setting or continue to have traditional cross-site cookies activated. By Shweta Sharma, Jul 23, 2024, 1 min. Topics: Browser Security
news: Wiz shocks the tech world as it rejects Google’s $23 billion bid. The Israeli cybersecurity startup is now looking at raising money through an initial public offering. By Gyana Swain, Jul 23, 2024, 3 mins. Topics: Technology Industry
news: Daggerfly revamps malware toolkit with new backdoors. Previously unattributed Macma linked to MgBot developers Daggerfly. By Lucian Constantin, Jul 23, 2024, 5 mins. Topics: MacOS Security, Threat and Vulnerability Management, Windows Security
news: Data of 13 million MediSecure customers compromised in ransomware attack. MediSecure’s internal investigations revealed approximately 12.9 million customers had sensitive personal and health data stolen in the attack. By Shweta Sharma, Jul 22, 2024, 4 mins. Topics: Data Breach, Ransomware
news: CrowdStrike CEO apologizes for crashing IT systems around the world, details fix. Attempts to mitigate a novel Windows threat caused systems running CrowdStrike’s Falcon sensor to crash. By Peter Sayer, Jul 20, 2024, 4 mins. Topics: Security
news: Federal judge greenlights securities fraud charges against SolarWinds and its CISO. Although the court dismissed most of the SEC’s charges in its lawsuit against SolarWinds, the by far most serious charge – securities fraud by both the company and its CISO – survived. CISOs have little reason to celebrate. By Evan Schuman, Jul 19, 2024, 6 mins. Topics: CSO and CISO, Legal, Vulnerabilities
news: SolarWinds patches critical RCE flaws in Access Rights Manager. Flaws enable attackers to perform remote code execution without admin privileges. All users are encouraged to update to Version 2024.3 as soon as possible. By Mikael Markander, Jul 19, 2024, 1 min. Topics: Access Control, Vulnerabilities
news: Blue screen of death strikes crowd of CrowdStrike servers. A bad software update from security software vendor CrowdStrike has paralyzed Windows machines around the world. By Peter Sayer, Jul 19, 2024, 4 mins. Topics: Bugs, Security
feature: Inside the world’s largest ‘live-fire’ cyber-defense exercise. From the Retamares military base in Madrid, CSO Spain receives an inside look at the Spanish team’s headquarters for Locked Shields 2024, a worldwide event for practicing coordination and cooperation in defense of cyberspace. By Mario Moreno, Jul 19, 2024, 7 mins. Topics: Cyberattacks, IT Training, Critical Infrastructure

Popular topics

Generative AI
news analysis: AI agents can find and exploit known vulnerabilities, study shows. By Maria Korolov, Jul 02, 2024, 8 mins. Topics: Zero-day vulnerability, Generative AI, Vulnerabilities
news: Microsoft warns of ‘Skeleton Key’ jailbreak affecting many generative AI models. By Shweta Sharma, Jun 27, 2024, 4 mins. Topics: Generative AI, Vulnerabilities
news: Meta delays launch of Meta AI in Europe over disagreement with regulators. By Lynn Greiner, Jun 17, 2024, 3 mins. Topics: Regulation, Data Privacy, Generative AI

Cybercrime
feature: How cybercriminals recruit insiders for malicious acts. By Dov Lerner, Jul 16, 2024, 17 mins. Topics: Cybercrime
feature: Logic bombs explained: Definition, examples, prevention. By Josh Fruhlinger, Jul 05, 2024, 12 mins. Topics: Malware, Cybercrime, Security
brandpost (Sponsored by CyberArk): Understanding APIs and how attackers abuse them to steal data. By John Walsh, senior product marketing manager at CyberArk, Jun 24, 2024, 5 mins. Topics: Cybercrime

Careers
feature: What savvy hiring execs look for in a CISO today. By Evan Schuman, Jul 16, 2024, 10 mins. Topics: CSO and CISO, Careers, IT Leadership
feature: More than a CISO: the rise of the dual-titled IT leader. By Rosalyn Page, Jul 10, 2024, 8 mins. Topics: CSO and CISO, Careers, IT Leadership
feature: CRISC certification: Exam, requirements, training, potential salary. By Josh Fruhlinger, Jul 09, 2024, 8 mins. Topics: Certifications, IT Skills, IT Training

IT Leadership
feature: If you’re a CISO without D&O insurance, you may need to fight for it. By Linda Rosencrance, Jul 08, 2024, 7 mins. Topics: CSO and CISO, Insurance Industry, IT Leadership
how-to: Tabletop exercise scenarios: 10 tips, 6 examples. By Josh Fruhlinger and Sarah D. Scalet, Jul 04, 2024, 16 mins. Topics: Ransomware, Phishing, Disaster Recovery
feature: What is digital executive protection and how does it work? By Deb Radcliff, Jun 26, 2024, 8 mins. Topics: CSO and CISO, Cyberattacks, Employee Protection

Upcoming Events

in-person event: CIO 100 Symposium & Awards. 05/Aug-07/Aug (Aug 05, 2024). The Broadmoor, Colorado Springs, CO. IDG Events
in-person event: FutureIT Toronto. 24/Sep (Sep 24, 2024). Vantage Venues, Toronto. Events
virtual event: FutureIT Canada. 26/Sep (Sep 26, 2024). Virtual Event. Events

In depth

feature: Who owns your data? SaaS contract security, privacy red flags. Companies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language. By Andrada Fiscutean, Mar 27, 2024, 10 mins. Topics: Data and Information Security

Podcasts

podcasts (Sponsored by Microsoft Security): Strengthen and Streamline Your Security. This podcast series, brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity. Topics: Data and Information Security
Ep. 03: Episode 3: The Zero Trust Model. Mar 25, 2021, 15 mins. Topics: Multi-factor Authentication, CSO and CISO, Remote Work
Ep. 04: Episode 4: Reduce SOC burnout. Mar 29, 2021, 15 mins. Topics: CSO and CISO, Phishing, Remote Work

Latest

brandpost (Sponsored by Fortinet): Key considerations for adopting a platform approach to cybersecurity. By Nirav Shah, Jul 22, 2024, 5 mins. Topics: Security
feature: Hashcat explained: How this password cracker works. By J.M. Porup, Jul 19, 2024, 7 mins. Topics: Passwords, Network Security, Security
news: Cisco patches severe password reset flaw that lets hackers hijack SSM On-Prem license servers. By John E. Dunn, Jul 18, 2024, 4 mins. Topics: Vulnerabilities, Security
podcast: CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi). Jul 17, 2024, 17 mins. Topics: CSO and CISO
podcast: CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands. Jul 08, 2024, 18 mins. Topics: CSO and CISO
podcast: CSO Executive Sessions: Data protection in Malaysia. Jul 02, 2024, 15 mins. Topics: CSO and CISO
video: CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi). Jul 17, 2024, 17 mins. Topics: CSO and CISO
video: Cybersecurity Insights for Tech Leaders: Addressing Dynamic Threats and AI Risks with Resilience. Jul 10, 2024, 24 mins. Topics: CSO and CISO
video: CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands. Jul 08, 2024, 18 mins. Topics: CSO and CISO