newsUS consumer protection agency bans employee mobile calls amid Chinese hack fearsEmployees have been instructed to switch to secure platforms after a telecom infrastructure breach linked to China.By Gyana Swain08 Nov 20244 minsHacking opinion Choosing AI: the 7 categories cybersecurity decision-makers need to understandBy Christopher Whyte08 Nov 202410 minsCSO and CISOSecurity PracticesSecurity Softwarenews The US Department of Defense has finalized cyber rules for its suppliers By John P. Mello Jr.08 Nov 20245 minsRegulationAerospace and Defense IndustryGovernment newsCisco IoT wireless access points hit by severe command injection flawBy John E. Dunn 07 Nov 20241 minWireless SecurityNetwork SecurityVulnerabilities newsBeware malicious NPM packages, Checkmarx warnsBy John E. Dunn 07 Nov 20241 minApplication Security newsInfostealers are using BYOVD to steal critical system dataBy Shweta Sharma 07 Nov 20243 minsVulnerabilitiesSecurity featureTop 5 security mistakes software developers makeBy David Strom 07 Nov 202410 minsDevSecOpsApplication Security featureDDoS attacks: Definition, examples, techniques, and how to defend themBy Josh Fruhlinger and Lucian Constantin 07 Nov 202411 minsDDoSCyberattacks newsFive-country attack on cybercrooks welcomed by security expertBy Howard Solomon 06 Nov 20246 minsCybercrimeLegal More security newsnewsSchneider Electric suffers data breach, exposing critical project and user dataHackers have demanded $125,000 ransom in “baguettes” following Schneider’s third data breach in two years, spotlighting security concerns on the day the company appoints a new CEO.By Gyana Swain 06 Nov 2024 4 minsData BreachnewsWas your last DocuSign-ed bill legitimate? Check againA novel phishing campaign abuses DocuSign APIs to send fake invoices at scale.By Shweta Sharma 06 Nov 2024 2 minsPhishingAPIsnewsMicrosoft Authenticator passkey support to be native in JanuaryIn statements that some labeled vague and confusing, Microsoft further embraced passkeys — and is decidedly not embracing CISOs who don’t want them. By Evan Schuman 05 Nov 2024 8 minsAuthenticationIdentity Management SolutionsnewsMan arrested in Canada allegedly linked to Snowflake data theftsUS requested the arrest and extradition of a man accused of the Ticketmaster and AT&T hacks.By Howard Solomon 05 Nov 2024 4 minsData BreachHackingnewsSource code alleged to be Nokia’s is for sale onlineIntelBroker says they obtained Nokia source code and other data from a third-party contractor; Nokia says it has found no signs of a breach.By Shweta Sharma 05 Nov 2024 3 minsData BreachSecuritynews24% of CISOs actively looking to leave their jobsIncreasing stress and a glass ceiling at most employers have CISOs eyeing the exit.By Evan Schuman 05 Nov 2024 3 minsCSO and CISOCareersnewsVMware’s AI query tool could be best for junior threat team members, say analystsIntelligent Assist will be released in Q1 next year to help SOC teams understand what's behind alerts, Broadcom announces.By Howard Solomon 05 Nov 2024 5 minsCloud SecurityData and Information SecuritynewsOkta’s ‘secure by design’ pledge suffers a buggy setbackOkta’s AD/LDAP authentication flaw allows an attacker to login without a password.By Shweta Sharma 05 Nov 2024 4 minsAuthenticationVulnerabilitiesSecuritynewsA new SharePoint vulnerability is already being exploitedMicrosoft SharePoint makes it simpler for enterprises to help employees discover documents on their internal network — but a recently exploited vulnerability is making easier for attackers to get inside the corporate network too.By Daniel Olszewski 04 Nov 2024 3 minsWindows SecurityVulnerabilitiesSecuritynews analysisEnterprises look to AI to bridge cyber skills gap — but will still fall shortISC2 Cybersecurity Workforce Study reports stalled growth as budgets tighten. Automation and AI seen as possible stopgaps, despite widespread caveats.By John Leyden 04 Nov 2024 8 minsBudgetIT SkillsIT StrategynewsGet details right to safely implement DANE in Exchange Online, warn expertsExperts welcome Microsoft’s announcement that Exchange Online can now handle Inbound SMTP DANE with DNSSEC to improve email security, but admins may not find it easy to implement.By Howard Solomon 01 Nov 2024 4 minsEmail Securitynews analysisNation state actors increasingly hide behind cybercriminal tactics and malwareMicrosoft’s Digital Defense Report offers new insights into a rising trend that sees lines blurring between cyberespionage and cybercriminal activity.By Lucian Constantin 01 Nov 2024 8 minsAdvanced Persistent ThreatsCyberattacksThreat and Vulnerability Management Show more Show less Explore a topic Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security Privacy View all topics All topics Close Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security Privacy Risk Management Security Security Infrastructure Software Development Vulnerabilities Generative AI Popular topicsCybercrime feature10 ways hackers will use machine learning to launch attacksBy Maria Korolov 05 Nov 2024 11 minsHackingMachine LearningCybercrime interviewHow Interpol is adapting to the ever-evolving cybercrime landscapeBy Mario Moreno 25 Oct 2024 8 minsGovernment ITGovernmentCyberattacks newsLockbit dismantling progressesBy Florian Maier 02 Oct 2024 2 minsRansomwareCybercrime View topic Careers featureSecurity associations CISOs should know aboutBy Rosalyn Page 06 Nov 2024 9 minsCSO and CISOCareersIT Leadership opinionThe rise of the vCISO: From niche to necessity?By Dr. Mark Shmulevich 31 Oct 2024 6 minsCareersIT LeadershipSecurity featureThe CSO guide to top security conferencesBy CSO Staff 31 Oct 2024 4 minsTechnology IndustryIT SkillsEvents View topic IT Leadership how-toDownload the AI in the Enterprise (for Real) SpotlightBy CIO.com and InfoWorld contributors 01 Nov 2024 1 minMachine LearningIT GovernanceIT Leadership featureSecurity priorities emphasize CISO role on the riseBy Esther Shein 23 Oct 2024 9 minsCSO and CISOIT StrategyIT Leadership featureWhat makes a great CISOBy Rosalyn Page 21 Oct 2024 8 minsCSO and CISOCareersIT Leadership View topic Upcoming Events28/Nov conference The Official CSO Security Summit UK28 Nov 20249:00 am – 17:30Andaz London Liverpool Street CSO and CISO 28/Nov awards CSO 30 Awards UK28 Nov 202418:00 – 21:30Andaz London Liverpool Street CSO and CISO 28/Nov awards Next CSO Awards UK28 Nov 202418:30-21:30 GMTAndaz London Liverpool Street CSO and CISO View all events In depth featureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada Fiscutean27 Mar 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.0 episodeData and Information Security Ep. 03 Episode 3: The Zero Trust Model 25 Mar 202115 mins Multi-factor AuthenticationCSO and CISORemote Work Ep. 04 Episode 4: Reduce SOC burnout 29 Mar 202115 mins CSO and CISOPhishingRemote Work Show me moreLatestArticlesPodcastsVideos brandpost Sponsored by Microsoft Security Why AI is the final missing piece of the CNAPP puzzle By Ron Matchoro, Head of Product, Microsoft Defender for Cloud – Data & AI Security 07 Nov 20245 mins Cloud Security opinion Kicking dependency: Why cybersecurity needs a better model for handling OSS vulnerabilities By Chris Hughes 06 Nov 202411 mins Threat and Vulnerability ManagementSupply ChainSecurity Software brandpost Sponsored by Fortinet As scams targeting the U.S. 2024 presidential election flood the darknet, here’s how to shore up cybersecurity defenses By Derek Manky, Chief Security Strategist and VP of Global Threat Intelligence at Fortinet 04 Nov 20244 mins Security podcast CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe 07 Aug 202417 mins CSO and CISO podcast CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi) 17 Jul 202417 mins CSO and CISO podcast CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands 08 Jul 202418 mins CSO and CISO video CSO Executive Sessions: Open Source Institute’s Eric Nguyen on supply chain risks to critical infrastructure (Part 1) 04 Nov 202419 mins Supply ChainCritical InfrastructureSecurity video CSO Executive Sessions: Standard Chartered’s Alvaro Garrido on cybersecurity in the financial services industry 23 Oct 202410 mins Financial Services IndustrySecurity video CSO Executive Sessions: New World Development’s Dicky Wong on securing critical infrastructure 16 Oct 202412 mins Critical InfrastructureSecurity