[news] Authentication failure blamed for Change Healthcare ransomware attack. Absence of multi-factor authentication reportedly left a remote access application exposed. By John Leyden, 23 Apr 2024, 5 mins. Topics: Ransomware, Cyberattacks

[news] Russian state-sponsored hacker used GooseEgg malware to steal Windows credentials. By Shweta Sharma, 23 Apr 2024, 3 mins. Topics: Malware, Windows Security

[feature] Top 10 physical security considerations for CISOs. By Ericka Chickowski, 23 Apr 2024, 14 mins. Topics: Critical Infrastructure, Security Infrastructure, Security

[opinion] Microsoft’s mea culpa moment: how it should face up to the CSRB’s critical report. By Jon Oltsik, 23 Apr 2024, 4 mins. Topics: Windows Security, Security Practices, Vulnerabilities

[news analysis] More attacks target recently patched critical flaw in Palo Alto Networks firewalls. By Lucian Constantin, 22 Apr 2024, 5 mins. Topics: Threat and Vulnerability Management, Zero-day vulnerability, Vulnerabilities

[news] MITRE Corporation targeted by nation-state threat actors. By Gyana Swain, 22 Apr 2024, 4 mins. Topics: Data Breach

[feature] 6 security items that should be in every AI acceptable use policy. By Linda Rosencrance, 22 Apr 2024, 8 mins. Topics: Regulation, IT Governance, Security Practices

[news analysis] Windows path conversion weirdness enables unprivileged rootkit behavior. By Lucian Constantin, 19 Apr 2024, 5 mins. Topics: Windows Security, Threat and Vulnerability Management, Vulnerabilities

[news] Ransomware feared in Octapharma Plasma’s US-wide shutdown. By Shweta Sharma, 19 Apr 2024, 3 mins. Topics: Ransomware

More security news

[news] Top cybersecurity product news of the week. New product and service announcements from Conatix, Tanium, Cisco AppDynamics and Miggo. By CSO staff, 19 Apr 2024, 79 mins. Topics: Generative AI, Security

[news analysis] Cisco fixes vulnerabilities in Integrated Management Controller. Cisco fixes high-risk flaws in the out-of-band management controller of multiple products. By Lucian Constantin, 18 Apr 2024, 4 mins. Topics: Threat and Vulnerability Management, Vulnerabilities

[news] UK law enforcement busts online phishing marketplace. The coordinated takedown has infiltrated the fraud service and made several arrests based on data found on the platform. By Shweta Sharma, 18 Apr 2024, 4 mins. Topics: Phishing, Legal

[news] Consolidation blamed for Change Healthcare ransomware attack. United HealthGroup said it has already taken $872 million in dealing with the attack and the disruption it caused. By John Leyden, 18 Apr 2024, 5 mins. Topics: Ransomware, Cyberattacks

[news] Cisco announces AI-powered Hypershield for autonomous exploit patching in the cloud. AI-based capability is part of Cisco’s Security Cloud platform for hyperscalers. By John Dunn, 18 Apr 2024, 4 mins. Topics: Threat and Vulnerability Management, Cloud Security

[news analysis] AWS and Google Cloud command-line tools can expose secrets in CI/CD logs. Cloud vendors say it is up to users to ensure sensitive command outputs are not saved in logs. By Lucian Constantin, 17 Apr 2024, 4 mins. Topics: Cloud Security, Data and Information Security

[news] SAP users are at high risk as hackers exploit application vulnerabilities. Research highlights heightened threat actor interests in SAP systems, targeting poorly patched organizations. By Shweta Sharma, 17 Apr 2024, 4 mins. Topics: Application Security, Vulnerabilities

[news analysis] Understanding CISA's proposed cyber incident reporting rules. CISA’s massive rulemaking will create the first US cyber incident and ransomware payment reporting mechanism that promises to radically overhaul the workloads of most cybersecurity professionals. By Cynthia Brumfield, 17 Apr 2024, 10 mins. Topics: Regulation, Ransomware, Cyberattacks

[news analysis] More open-source project takeover attempts found after XZ Utils attack. Discovered after OpenJS Foundation Cross Project Council received a request for administrative access for a ‘quick fix’. By Lucian Constantin, 16 Apr 2024, 6 mins. Topics: Social Engineering, Open Source

[news] Sensitive US government data exposed after Space-Eyes data breach. The breach compromises sensitive data from critical US government agencies including the Department of Justice, Department of Homeland Security, and the US armed forces. By Shweta Sharma, 16 Apr 2024, 3 mins. Topics: Data Breach, Cyberattacks

[news analysis] US supreme court ruling suggests change in cybersecurity disclosure process. Decision puts pressure on CISOs and those crafting SEC filings as wording could be judged as “half-truths” and considered misleading. By Evan Schuman, 16 Apr 2024, 6 mins. Topics: Regulation, Security

[news] Hacker dumps data of 2.8 million Giant Tiger customers. The hacked information includes the customers' email addresses who either subscribed to the Canadian retailer's emails or had accounts created on its official website, their names, addresses, and phone numbers. By Shweta Sharma, 15 Apr 2024, 3 mins. Topics: Data Breach, Hacking

Popular topics

Cybercrime

[opinion] What is the dark web? How to access it and what you’ll find. By Darren Guccione, 02 Apr 2024, 13 mins. Topics: Data Breach, Technology Industry, Cybercrime

[news] The US indicts 7 Chinese nationals for cyber espionage. By Sandeep Budki, 26 Mar 2024, 6 mins. Topics: Cyberattacks, Cybercrime

[news analysis] New phishing campaign targets US organizations with NetSupport RAT. By Lucian Constantin, 21 Mar 2024, 3 mins. Topics: Phishing, Cyberattacks, Malware

Careers

[feature] Are you a toxic cybersecurity boss? How to be a better CISO. By Christine Wong, 18 Apr 2024, 9 mins. Topics: CSO and CISO, Human Resources, Risk Management

[news] Boys’ club mentality still a barrier to women’s success in cybersecurity careers. By John Leyden, 10 Apr 2024, 5 mins. Topics: Careers, Security

[feature] 5 groups that support diversity in cybersecurity. By Linda Rosencrance, 09 Apr 2024, 8 mins. Topics: CSO and CISO, Certifications, Human Resources

IT Leadership

[feature] Top cybersecurity M&A deals for 2024. By CSO Staff, 12 Apr 2024, 12 mins. Topics: Mergers and Acquisitions, Data and Information Security, IT Leadership

[news] ISC2 study pegs average US cybersecurity salary at $147K, up from $119K in 2021. By John Mello Jr., 12 Apr 2024, 4 mins. Topics: CSO and CISO, Salaries, Human Resources

[news] New CISO appointments 2024. By CSO Staff, 05 Apr 2024, 10 mins. Topics: CSO and CISO, IT Jobs, IT Governance

Upcoming Events

[roundtable luncheon] Innovating safely: Navigating the intersection of AI, network, and security. 15 May 2024, 12:00pm-2:30pm AWST, Mount Lawley Golf Club, Perth. Topics: Artificial Intelligence

In depth

[news] Australian government back on top 5 sectors with most reported data breaches. The only sector where human error was the top cause of breaches. By Samira Sarraf, 22 Feb 2024, 3 mins. Topics: Government IT, Data Breach, Data Privacy

Podcasts

[podcasts] Sponsored by Microsoft Security: Strengthen and Streamline Your Security. This podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity. 4 episodes. Topics: Data and Information Security

Ep. 03 Episode 3: The Zero Trust Model. 25 Mar 2021, 15 mins. Topics: Multi-factor Authentication, CSO and CISO, Remote Work

Ep. 04 Episode 4: Reduce SOC burnout. 29 Mar 2021, 15 mins. Topics: CSO and CISO, Phishing, Remote Work

Latest

[brandpost] Sponsored by Synopsys: How application security can create velocity at enterprise scale. By Jason Schmitt, General Manager, Synopsys Software Integrity Group, 22 Apr 2024, 5 mins. Topics: Security

[brandpost] Sponsored by Synopsys: DevSecOps: Still a challenge but more achievable than ever. By Taylor Armerding, Security Advocate at Synopsys Software Integrity Group, 22 Apr 2024, 6 mins. Topics: Security

[brandpost] Sponsored by Synopsys: Don’t be afraid of GenAI code, but don’t trust it until you test it. By Taylor Armerding, Security Advocate at Synopsys Software Integrity Group, 22 Apr 2024, 5 mins. Topics: Artificial Intelligence

[podcast] CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care. 02 Apr 2024, 16 mins. Topics: CSO and CISO

[podcast] CSO Executive Sessions: 2024 International Women's Day special. 13 Mar 2024, 10 mins. Topics: CSO and CISO

[podcast] CSO Executive Sessions: Former convicted hacker Hieu Minh Ngo on blindspots in data protection. 20 Feb 2024, 21 mins. Topics: CSO and CISO

[video] CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care. 01 Apr 2024, 16 mins. Topics: CSO and CISO

[video] CSO Executive Sessions: 2024 International Women's Day special. 13 Mar 2024, 10 mins. Topics: CSO and CISO

[video] LockBit feud with law enforcement feels like a TV drama. 05 Mar 2024, 56 mins. Topics: Ransomware, Artificial Intelligence