feature3 reasons users can’t stop making security mistakes — unless you address themUnderstanding what’s behind employee security mistakes can help CISOs make meaningful adjustments to their security awareness training strategies.By Ariella BrownMay 31, 20245 minsData BreachRisk Management reviews Cloud access security brokers (CASBs): What to know before you buyBy Neal WeinbergMay 30, 202411 minsCloud SecurityCloud ComputingSecurityopinion Cybersecurity at a crossroads: Time to shift to an architectural approachBy Jon OltsikMay 29, 20248 minsSecurity Operations CenterSecurity PracticesSecurity Software featureThe CSO guide to top security conferencesBy CSO Staff May 31, 202412 minsTechnology IndustryIT SkillsEvents newsOkta alerts customers against new credential-stuffing attacksBy Shweta Sharma May 31, 20244 minsIdentity and Access ManagementVulnerabilities newsBug in EmbedAI can allow poisoned data to sneak into your LLMsBy Shweta Sharma May 31, 20243 minsGenerative AIVulnerabilities news‘Operation Endgame’ deals major blow to malware distribution botnetsBy Lucian Constantin May 30, 20244 minsBotnetsMalwareCybercrime newsOver half of government applications have unpatched flaws older than a yearBy Lucian Constantin May 30, 20246 minsGovernment ITApplication SecurityVulnerabilities featureThird-party software supply chain threats continue to plague CISOsBy David Strom May 28, 20248 minsOpen SourceSecurity SoftwareSupply Chain More security newsnewsOpenAI accuses Russia, China, Iran, and Israel of misusing its GenAI tools for covert OpsOpenAI’s generative AI tools were used to create and post propaganda content on various geo-political and socio-economic issues across social media platforms, the company said.By Gyana Swain May 31, 2024 4 minsGenerative AIfeatureTwo-factor authentication (2FA) explained: How it works and how to enable itTwo-factor authentication (2FA) goes beyond passwords to add a second layer of security to the authentication process. Organizations and users alike can better secure their data by making the shift to 2FA.By Josh Fruhlinger and CSO Staff May 30, 2024 11 minsPasswordsAuthenticationSecuritynewsCybercrime group claims to have stolen data on 560 million Ticketmaster usersThe group claims to have stolen 1.3 TBytes of data, including partial payment card numbers and customers’ personal identifiying information.By Evan Schuman May 30, 2024 4 minsData BreachnewsWorld’s largest botnet seized in Federal bust, Chinese national arrestedThe botnet infected computers in nearly 200 countries, facilitating financial fraud, identity theft, and child exploitation.By Shweta Sharma May 30, 2024 4 minsBotnetsCybercrimenewsHuman vulnerability remains top threat: ReportAccording to a recent survey, companies are particularly at risk from business email compromise attacks and — often involuntary — insider threats. By Manfred Bremmer May 30, 2024 5 minsEmail SecurityPhishingRansomwarenews analysisDigital trust gap leaves organizations vulnerableOrganizations know the importance of digital trust but lack of priority is leaving them open to reputational and business damage, finds ISACA report.By Rosalyn Page May 29, 2024 5 minsData and Information SecuritySecurity PracticesSecuritynewsGoodbye phishing? Descope's nOTP authentication offers WhatsApp alternative to SMSAuthentication is complex and not enough people use it, but no-code developer Descope thinks it has found the answer: WhatsApp. By John Dunn May 29, 2024 5 minsMulti-factor AuthenticationAuthenticationnewsCheck Point VPNs exploited to breach enterprise networksThe company has released patch codes to fix the vulnerability that allows unauthorized remote access attempts.By Shweta Sharma May 29, 2024 3 minsVulnerabilitiesnewsRepeated cyberattacks on court systems raise security concerns for the USCourt systems form crucial national infrastructure and therefore a nation-state angle cannot be completely ruled out in the recent surge in attacks.By Shweta Sharma May 29, 2024 9 minsRansomwareCyberattacksnewsUS healthcare agency to invest $50M in threat detection tools that predict attackers’ next movesThe Advanced Research Projects Agency for Health is seeking proposals that go beyond detecting and analyzing healthcare attacks to trying to determine what attackers will try next.By Evan Schuman May 28, 2024 5 minsGovernment ITHealthcare IndustryThreat and Vulnerability ManagementnewsData leak exposes personal data of Indian military and policeData included facial scans, fingerprints, identifying marks such as tattoos or scars, and documents such as birth certificates and employment records.By Prasanth Aby Thomas May 28, 2024 4 minsData BreachfeatureCISSP certification: Requirements, training, exam, and costThe Certified Information Systems Security Professional ‘gold standard’ certification demonstrates your skills, testifies to your experience, and opens career advancement opportunities, including higher salary.By Josh Fruhlinger and CSO Staff May 28, 2024 10 minsCertificationsCareersSecurity Show more Show less Explore a topic Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security View all topics All topics Close Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security Privacy Risk Management Security Security Infrastructure Software Development Vulnerabilities Popular topicsGenerative AI newsMicrosoft Azure’s Russinovich sheds light on key generative AI threatsBy David Strom May 22, 2024 4 minsGenerative AIData and Information Security newsPalo Alto launches AI-powered solutions to fight AI-generated cyberthreatsBy Prasanth Aby Thomas May 09, 2024 3 minsGenerative AISecurity Software newsSecuriti adds distributed LLM firewalls to secure genAI applicationsBy Shweta Sharma Apr 30, 2024 4 minsGenerative AI View topic Cybercrime newsKroll cyber threat landscape report: AI assists attackersBy Lynn Greiner May 24, 2024 5 minsThreat and Vulnerability ManagementCybercrimeVulnerabilities news analysisEmerging ransomware groups on the rise: Who they are, how they operateBy Lucian Constantin May 24, 2024 6 minsRansomwareCybercrime newsTracking manual attacks may deliver zero-day previewsBy Evan Schuman May 23, 2024 4 minsCyberattacksFraudCybercrime View topic Careers featureAI governance and cybersecurity certifications: Are they worth it?By Maria Korolov May 06, 2024 12 minsCertificationsIT Training Careers featureFinding the perfect match: What CISOs should ask before saying ‘yes’ to a jobBy Aimee Chanthadavong Apr 29, 2024 8 minsCSO and CISOCareers featureThe rise in CISO job dissatisfaction – what’s wrong and how can it be fixed?By Mary Pratt Apr 24, 2024 11 minsCSO and CISOCareersIT Leadership View topic IT Leadership opinionThe art of saying no is a powerful tool for the CISO in the era of AIBy Clarke Rodgers May 27, 2024 5 minsCSO and CISOSecurity PracticesIT Leadership featureTop cybersecurity M&A deals for 2024By CSO Staff May 24, 2024 14 minsMergers and AcquisitionsData and Information SecurityIT Leadership opinionReducing CSO-CIO tension requires recognizing the signsBy David Gee May 22, 2024 1 minCIOCSO and CISOIT Leadership View topic Upcoming Events05/Jun virtual event ForwardTech Virtual ShowcaseJun 05, 2024Virtual Event Technology Industry 18/Jun in-person event FutureIT Chicago: Building the Digital Business with Cloud, AI and SecurityJun 18, 2024Chicago, IL Technology Industry 01/Jul in-person event SecureIT New York 2024Jul 01, 2024New York, NY Data and Information Security View all events In depth featureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada FiscuteanMar 27, 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.4 episodesData and Information Security Ep. 03 Episode 3: The Zero Trust Model Mar 25, 202115 mins Multi-factor AuthenticationCSO and CISORemote Work Ep. 04 Episode 4: Reduce SOC burnout Mar 29, 202115 mins CSO and CISOPhishingRemote Work Show me moreLatestArticlesPodcastsVideos how-to Download our data security posture management (DSPM) enterprise buyer’s guide By David Strom May 30, 20241 min Data and Information SecurityEnterprise Buyer’s Guides how-to How to deploy WPA3 for enhanced wireless security By Eric Geier May 29, 20241 min Wireless Security brandpost Sponsored by Kytec and Cisco Innovating safely: Navigating the intersection of AI, network, and security May 28, 20245 mins Artificial Intelligence podcast CSO Executive Sessions: The new realities of the CISO role – whistleblowing and legal liabilities May 28, 202417 mins CSO and CISO podcast CSO Executive Sessions India with Pradipta Kumar Patro, Global CISO and Head IT Platform, KEC International May 22, 202426 mins CSO and CISO podcast CSO Executive Sessions: The personality of cybersecurity leaders Apr 29, 202419 mins CSO and CISO video CSO Executive Sessions: The new realities of the CISO role – whistleblowing and legal liabilities May 28, 202417 mins CSO and CISO video CSO Executive Sessions India with Pradipta Kumar Patro, Global CISO and Head IT Platform, KEC International May 22, 202426 mins CSO and CISO video CSO Executive Sessions: The personality of cybersecurity leaders Apr 29, 202419 mins CSO and CISO