feature: The biggest data breach fines, penalties, and settlements so far. Hacks and data thefts, enabled by weak security, cover-ups or avoidable mistakes have cost these companies a total of nearly $4.4 billion and counting. By Shweta Sharma and Michael Hill, 26 Apr 2024, 16 mins. Topics: Data Breach, Security
news: New CISO appointments 2024. By CSO Staff, 26 Apr 2024, 14 mins. Topics: CSO and CISO, IT Jobs, IT Governance
news: Top cybersecurity product news of the week. By CSO staff, 26 Apr 2024, 81 mins. Topics: Generative AI, Security
feature: Looking outside: How to protect against non-Windows network vulnerabilities. By Susan Bradley, 25 Apr 2024, 7 mins. Topics: Windows Security, Network Security, Security Practices
news: Salt Security adds defense against OAuth attacks. By Shweta Sharma, 25 Apr 2024, 3 mins. Topics: Authentication, Security Software
news: Cisco urges immediate software upgrade after state-sponsored attack. By Prasanth Aby Thomas, 25 Apr 2024, 3 mins. Topics: Vulnerabilities
news analysis: How the ToddyCat threat group sets up backup traffic tunnels into victim networks. By Lucian Constantin, 24 Apr 2024, 6 mins. Topics: Advanced Persistent Threats, Threat and Vulnerability Management, Network Security
news: New OT security service can help secure against critical systems attacks. By Shweta Sharma, 24 Apr 2024, 3 mins. Topics: Security Software
feature: What is biometrics? 10 physical and behavioral identifiers that can be used for authentication. By Maria Korolov, 24 Apr 2024, 14 mins. Topics: Biometrics, Authentication, Security

More security news

news: Authentication failure blamed for Change Healthcare ransomware attack. Absence of multi-factor authentication reportedly left a remote access application exposed. By John Leyden, 23 Apr 2024, 5 mins. Topics: Ransomware, Cyberattacks
news: Russian state-sponsored hacker used GooseEgg malware to steal Windows credentials. A now-patched Windows Print Spooler flaw was used by Forest Blizzard to drop the privilege-elevating malware for credential stealing and persistence. By Shweta Sharma, 23 Apr 2024, 3 mins. Topics: Malware, Windows Security
news analysis: More attacks target recently patched critical flaw in Palo Alto Networks firewalls. The vulnerability found in GlobalProtect could be exploited to gain access to corporate networks and has seen a rise in compromise attempts despite being patched. By Lucian Constantin, 22 Apr 2024, 5 mins. Topics: Threat and Vulnerability Management, Zero-day vulnerability, Vulnerabilities
news: MITRE Corporation targeted by nation-state threat actors. The non-profit organization said the breach occurred in January 2024 when the nation-state threat actor conducted a reconnaissance of MITRE’s networks by exploiting one of its VPNs through two Ivanti Connect Secure zero-day vulnerabilities. By Gyana Swain, 22 Apr 2024, 4 mins. Topics: Data Breach
news analysis: Windows path conversion weirdness enables unprivileged rootkit behavior. MagicDot technique allows attackers to capitalize on an already-patched vulnerability simply by changing the dots in a path. By Lucian Constantin, 19 Apr 2024, 5 mins. Topics: Windows Security, Threat and Vulnerability Management, Vulnerabilities
news: Ransomware feared in Octapharma Plasma’s US-wide shutdown. The disruption has impacted more than 150 plasma centers in the US, with possible effects on European operations. By Shweta Sharma, 19 Apr 2024, 3 mins. Topics: Ransomware
news analysis: Cisco fixes vulnerabilities in Integrated Management Controller. Cisco fixes high-risk flaws in the out-of-band management controller of multiple products. By Lucian Constantin, 18 Apr 2024, 4 mins. Topics: Threat and Vulnerability Management, Vulnerabilities
news: UK law enforcement busts online phishing marketplace. The coordinated takedown has infiltrated the fraud service and made several arrests based on data found on the platform. By Shweta Sharma, 18 Apr 2024, 4 mins. Topics: Phishing, Legal
news: Consolidation blamed for Change Healthcare ransomware attack. United HealthGroup said it has already taken $872 million in dealing with the attack and the disruption it caused. By John Leyden, 18 Apr 2024, 5 mins. Topics: Ransomware, Cyberattacks
news: Cisco announces AI-powered Hypershield for autonomous exploit patching in the cloud. AI-based capability is part of Cisco’s Security Cloud platform for hyperscalers. By John Dunn, 18 Apr 2024, 4 mins. Topics: Threat and Vulnerability Management, Cloud Security
news analysis: AWS and Google Cloud command-line tools can expose secrets in CI/CD logs. Cloud vendors say it is up to users to ensure sensitive command outputs are not saved in logs. By Lucian Constantin, 17 Apr 2024, 4 mins. Topics: Cloud Security, Data and Information Security
news: SAP users are at high risk as hackers exploit application vulnerabilities. Research highlights heightened threat actor interests in SAP systems, targeting poorly patched organizations. By Shweta Sharma, 17 Apr 2024, 4 mins. Topics: Application Security, Vulnerabilities

Popular topics

Cybercrime

opinion: What is the dark web? How to access it and what you’ll find. By Darren Guccione, 02 Apr 2024, 13 mins. Topics: Data Breach, Technology Industry, Cybercrime
news: The US indicts 7 Chinese nationals for cyber espionage. By Sandeep Budki, 26 Mar 2024, 6 mins. Topics: Cyberattacks, Cybercrime
news analysis: New phishing campaign targets US organizations with NetSupport RAT. By Lucian Constantin, 21 Mar 2024, 3 mins. Topics: Phishing, Cyberattacks, Malware

Careers

feature: The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? By Mary Pratt, 24 Apr 2024, 11 mins. Topics: CSO and CISO, Careers, IT Leadership
feature: Are you a toxic cybersecurity boss? How to be a better CISO. By Christine Wong, 18 Apr 2024, 9 mins. Topics: CSO and CISO, Human Resources, Risk Management
news: Boys’ club mentality still a barrier to women’s success in cybersecurity careers. By John Leyden, 10 Apr 2024, 5 mins. Topics: Careers, Security

IT Leadership

feature: Top cybersecurity M&A deals for 2024. By CSO Staff, 12 Apr 2024, 12 mins. Topics: Mergers and Acquisitions, Data and Information Security, IT Leadership
news: ISC2 study pegs average US cybersecurity salary at $147K, up from $119K in 2021. By John Mello Jr., 12 Apr 2024, 4 mins. Topics: CSO and CISO, Salaries, Human Resources
feature: When the boss doesn’t fit: Cybersecurity workforce more diverse than its managers. By Christine Wong, 26 Mar 2024, 10 mins. Topics: CSO and CISO, Human Resources, IT Leadership

Upcoming Events

15 May, roundtable luncheon: Innovating safely: Navigating the intersection of AI, network, and security. 15 May 2024, 12:00pm-2:30pm AWST, Mount Lawley Golf Club, Perth. Topics: Artificial Intelligence

In depth

news: Australian government back on top 5 sectors with most reported data breaches. The only sector where human error was the top cause of breaches. By Samira Sarraf, 22 Feb 2024, 3 mins. Topics: Government IT, Data Breach, Data Privacy

Podcasts

podcasts (sponsored by Microsoft Security): Strengthen and Streamline Your Security. This podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity. Topics: Data and Information Security
Ep. 03: Episode 3: The Zero Trust Model. 25 Mar 2021, 15 mins. Topics: Multi-factor Authentication, CSO and CISO, Remote Work
Ep. 04: Episode 4: Reduce SOC burnout. 29 Mar 2021, 15 mins. Topics: CSO and CISO, Phishing, Remote Work

Latest

brandpost (sponsored by Palo Alto Networks): Cloud security teams: What to know as M&A activity rebounds in 2024. By Amol Mathur, SVP & GM of Prisma Cloud, Palo Alto Networks, 25 Apr 2024, 4 mins. Topics: Cloud Security
brandpost (sponsored by Microsoft Security): What will cyber threats look like in 2024? By Microsoft Security, 24 Apr 2024, 5 mins. Topics: Security
opinion: The Assumed Breach conundrum. By Steven Sim, 23 Apr 2024, 4 mins. Topics: Zero Trust, Security
podcast: CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care. 02 Apr 2024, 16 mins. Topics: CSO and CISO
podcast: CSO Executive Sessions: 2024 International Women's Day special. 13 Mar 2024, 10 mins. Topics: CSO and CISO
podcast: CSO Executive Sessions: Former convicted hacker Hieu Minh Ngo on blindspots in data protection. 20 Feb 2024, 21 mins. Topics: CSO and CISO
video: CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care. 01 Apr 2024, 16 mins. Topics: CSO and CISO
video: CSO Executive Sessions: 2024 International Women's Day special. 13 Mar 2024, 10 mins. Topics: CSO and CISO
video: LockBit feud with law enforcement feels like a TV drama. 05 Mar 2024, 56 mins. Topics: Ransomware, Artificial Intelligence