newsAdministrator of ransomware operation LockBit named, charged, has assets frozenA Russian national alleged to have been the administrator of the notorious and prolific LockBit ransomware provider faces international charges. A $10-million reward for the suspect’s arrest has been offered.By Lucian ConstantinMay 07, 20243 minsAdvanced Persistent ThreatsHacker GroupsRansomware news US doing all it can to manage global cybersecurity threats, secretary of state tells RSAC By Evan SchumanMay 07, 20244 minsCyberattacksGovernmentThreat and Vulnerability Managementnews Change Healthcare went without cyber insurance before debilitating ransomware attackBy John LeydenMay 07, 20245 minsData BreachRansomware newsCitrix quietly fixes a new critical vulnerability similar to Citrix BleedBy Shweta Sharma May 07, 20243 minsVulnerabilities featureWhat is IAM? Identity and access management explainedBy David Strom May 07, 202412 minsIdentity Management SolutionsIT LeadershipSecurity newsMost interesting products to see at RSAC 2024By CSO Staff May 07, 202412 minsRSA ConferenceSecurity newsGoogle launches Google Threat Intelligence at RSA ConferenceBy Sascha Brodsky May 06, 20244 minsRSA ConferenceCloud SecuritySecurity Software how-toDownload the Zero Trust network access (ZTNA) enterprise buyer’s guideBy Josh Fruhlinger and steve_zurier May 06, 20241 minZero TrustAccess ControlNetwork Security newsGermany blames Russian hackers for months-long cyber espionageBy Shweta Sharma May 06, 20244 minsAdvanced Persistent ThreatsHacker Groups More security newsnewsCISA, FBI urge developers to patch path traversal bugs before shippingThe advisory highlights how developers can follow best practices to fix these vulnerabilities during production.By Shweta Sharma May 03, 2024 3 minsVulnerabilitiesnewsMicrosoft continues to add, shuffle security execs in the wake of security incidentsThe company has appointed new product security chiefs as well as a customer-facing CISO as it continues to respond to high-profile attacks on its products and own network.By Elizabeth Montalbano May 03, 2024 4 minsCSO and CISOnewsIranian hackers harvest credentials through advanced social engineering campaignsMandiant observed several malicious campaigns with threat actors impersonating journalists and harvesting the victim’s cloud environment credentials.By Shweta Sharma May 02, 2024 4 minsHacker GroupsSocial EngineeringnewsDropbox Sign hack exposed user data, raises security concerns for e-sign industryThe names and email addresses of those customers were also exposed who had never created an account with Dropbox Sign but had “received or signed a document through Dropbox Sign.”By Gyana Swain May 02, 2024 5 minsData BreachnewsUnitedHealth hack may impact a third of US citizens: CEO testimonyDespite paying a $22 million ransom in Bitcoin to regain access to encrypted files, the company cannot confirm whether copies of the data were made or published online.By Prasanth Aby Thomas May 02, 2024 4 minsData BreachRansomwareHackingnews analysisBiden delivers updated take on security for critical infrastructure Building on previous efforts, the Biden administration's new National Security Memorandum reflects a more modern approach to protecting US critical infrastructure, giving CISA a better-defined and expanded role as the agency coordinating everything.By Cynthia Brumfield May 02, 2024 7 minsGovernmentThreat and Vulnerability ManagementCritical InfrastructurenewsNIST publishes new guides on AI risk for developers and CISOsCompanion publications to NIST’s AI Risk Management Framework explore a long worry list in more detail and are likely to become essential reading for security professionals.By John Dunn May 01, 2024 4 minsRegulationGovernmentSecurity Practicesnews analysis5 key takeways from Verizon's 2024 Data Breach Investigations ReportThe rapid of exploitation of zero-day vulnerabilities, such as MOVEit, and the effectiveness of ransomware attacks are two of the major findings from last year’s breach data.By Rosalyn Page May 01, 2024 5 minsData BreachZero-day vulnerabilityData and Information Securitynews analysisChinese threat actor engaged in multi-year DNS resolver probing effortThe unusual and persistent probing activity over the span of multiple years should be a reminder to organizations to identify and remove all open DNS resolvers from their networks.By Lucian Constantin Apr 30, 2024 7 minsCyberattacksNetwork SecuritynewsSecuriti adds distributed LLM firewalls to secure genAI applicationsThe new offering is aimed at protecting against prompt injection, data leakage, and training data poisoning in LLM systems. By Shweta Sharma Apr 30, 2024 4 minsGenerative AInewsUnitedHealth hackers exploited Citrix vulnerabilities, CEO to testifyIn the written testimony before the House Energy and Commerce Committee, CEO Andrew Witty said after gaining access, the threat actor moved laterally within the systems using sophisticated methods and exfiltrated data.By Prasanth Aby Thomas Apr 30, 2024 3 minsHacker GroupsCyberattacksVulnerabilitiesnewsMost attacks affecting SMBs target five older vulnerabilitiesAttackers target flaws for a reason: Even years after they are discovered, they still work. By John Dunn Apr 30, 2024 4 minsThreat and Vulnerability ManagementNetwork SecurityVulnerabilities Show more Show less Explore a topic Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security View all topics All topics Close Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security Privacy Risk Management Security Security Infrastructure Software Development Vulnerabilities Popular topicsGenerative AI newsTop cybersecurity product news of the weekBy CSO staff Apr 26, 2024 81 minsGenerative AISecurity featureKeeping up with AI: OWASP LLM AI Cybersecurity and Governance ChecklistBy Chris Hughes Mar 14, 2024 10 minsGenerative AISecurity PracticesOpen Source newsMicrosoft reveals general availability of Copilot for SecurityBy Samira Sarraf Mar 13, 2024 4 minsGenerative AIThreat and Vulnerability Management View topic Cybercrime opinionWhat is the dark web? How to access it and what you’ll findBy Darren Guccione Apr 02, 2024 13 minsData BreachTechnology IndustryCybercrime newsThe US indicts 7 Chinese nationals for cyber espionageBy Sandeep Budki Mar 26, 2024 6 minsCyberattacksCybercrime news analysisNew phishing campaign targets US organizations with NetSupport RATBy Lucian Constantin Mar 21, 2024 3 minsPhishingCyberattacksMalware View topic Careers featureAI governance and cybersecurity certifications: Are they worth it?By Maria Korolov May 06, 2024 12 minsCertificationsIT Training Careers featureThe CSO guide to top security conferencesBy CSO Staff May 01, 2024 15 minsTechnology IndustryIT SkillsEvents featureFinding the perfect match: What CISOs should ask before saying ‘yes’ to a jobBy Aimee Chanthadavong Apr 29, 2024 8 minsCSO and CISOCareers View topic IT Leadership featureCyber breach misinformation creates a haze of uncertaintyBy Cynthia Brumfield Apr 30, 2024 9 minsCSO and CISOData BreachSecurity Practices newsNew CISO appointments 2024By CSO Staff Apr 26, 2024 14 minsCSO and CISOIT JobsIT Governance featureThe rise in CISO job dissatisfaction – what’s wrong and how can it be fixed?By Mary Pratt Apr 24, 2024 11 minsCSO and CISOCareersIT Leadership View topic Upcoming Events14/May in-person event FutureIT Boston 2024: AI, Data, & Tech LeadershipMay 14, 2024Boston, MA IT Leadership 05/Jun virtual event ForwardTech Virtual ShowcaseJun 05, 2024Virtual Event Technology Industry 18/Jun in-person event FutureIT Chicago: Building the Digital Business with Cloud, AI and SecurityJun 18, 2024Chicago, IL Technology Industry View all events In depth featureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada FiscuteanMar 27, 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.4 episodesData and Information Security Ep. 03 Episode 3: The Zero Trust Model Mar 25, 202115 mins Multi-factor AuthenticationCSO and CISORemote Work Ep. 04 Episode 4: Reduce SOC burnout Mar 29, 202115 mins CSO and CISOPhishingRemote Work Show me moreLatestArticlesPodcastsVideos brandpost Sponsored by Cyber NewsWire Hunters announces full adoption of OCSF and introduces OCSF-native search By Cyber NewsWire – Paid Press Release May 07, 20245 mins CyberattacksSecurity brandpost Sponsored by Elastic Search + RAG: The 1-2 punch transforming the modern SOC with AI-driven security analytics By Mike Nichols, Product for Security at Elastic May 06, 20243 mins Artificial Intelligence feature Malware explained: How to prevent, detect and recover from it By Josh Fruhlinger May 03, 202418 mins RansomwarePhishingMalware podcast CSO Executive Sessions: The personality of cybersecurity leaders Apr 29, 202419 mins CSO and CISO podcast CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care Apr 02, 202416 mins CSO and CISO podcast CSO Executive Sessions: 2024 International Women's Day special Mar 13, 202410 mins CSO and CISO video CSO Executive Sessions: The personality of cybersecurity leaders Apr 29, 202419 mins CSO and CISO video CSO Executive Sessions: Geopolitical tensions in the South China Sea – why the private sector should care Apr 01, 202416 mins CSO and CISO video CSO Executive Sessions: 2024 International Women's Day special Mar 13, 202410 mins CSO and CISO