[opinion] What CISOs can do to bridge their cyber talent gap
Efforts to fix the 4 million global cyber pro shortfall may someday pay off. Until then, CISOs have practical solutions at their disposal.
By David Gee | Jul 26, 2024 | 7 mins | IT Skills, IT Training

[feature] How attackers evade your EDR/XDR system — and what you can do about it
By Matt Hand | Jul 25, 2024 | 9 mins | Advanced Persistent Threats, Endpoint Protection

[feature] CrowdStrike failure: What you need to know
By CIO staff | Jul 23, 2024 | 7 mins | Technology Industry, Incident Response, Business Continuity

[news analysis] Secure Boot no more? Leaked key, faulty practices put 900 PC/server models in jeopardy
By Lucian Constantin | Jul 26, 2024 | 7 mins | Vulnerabilities

[news] Counting the cost of CrowdStrike: the bug that bit billions
By Shweta Sharma | Jul 26, 2024 | 1 min | Business Continuity, Endpoint Protection

[news] Docker re-fixes a critical authorization bypass vulnerability
By Shweta Sharma | Jul 25, 2024 | 3 mins | Open Source, Vulnerabilities

[opinion] Project 2025 could escalate US cybersecurity risks, endanger more Americans
By Cynthia Brumfield | Jul 25, 2024 | 10 mins | Government IT, Government, IT Governance Frameworks

[opinion] CrowdStrike meltdown highlights IT’s weakest link: Too much administration
By Andy Ellis | Jul 24, 2024 | 5 mins | Zero Trust, Technology Industry, IT Strategy

[feature] Countdown to DORA: How CISOs can prepare for EU's newv Act
By Andrada Fiscutean | Jul 24, 2024 | 11 mins | Regulation, Financial Services Industry, Risk Management

More security news

[feature] DNSSEC explained: Why you might want to implement it on your domain
The Domain Name System Security Extensions provides cryptographic authentication to prevent redirection to rogue websites, but owners of many domains have yet to adopt it.
By Lucian Constantin | Jul 26, 2024 | 13 mins | Encryption, Internet Security, Security

[news] Microsoft Defender SmartScreen bug actively used in stealer campaign
The vulnerability is being used by threat actors to spread multiple LNK files to download stealer payloads.
By Shweta Sharma | Jul 24, 2024 | 3 mins | Malware, Vulnerabilities

[news] CrowdStrike blames it testing shortcomings for Windows meltdown
Customers will be given more control over when and where content is downloaded to reduce the risk of similar incidents in future.
By John Leyden | Jul 24, 2024 | 5 mins | Incident Response, Endpoint Protection, Security

[news] Hackers leak documents stolen from Pentagon contractor Leidos
Leidos serves prominent clients including the US Department of Defense (DOD), the Department of Homeland Security (DHS), NASA, and various other US and foreign agencies.
By Gyana Swain | Jul 24, 2024 | 3 mins | Data Breach

[news] Port shadow: Yet another VPN weakness ripe for exploit
Sharing connection information could be a problem among users of the same VPN server without proper protection, researchers have found. Corporate VPN servers in particular are vulnerable to the flaw.
By David Strom | Jul 24, 2024 | 5 mins | Internet Security, Network Security

[news analysis] ICS malware FrostyGoop disrupted heating in Ukraine, remains threat to OT worldwide
The malware leverages Modbus TCP communications to target operational technology assets — and can easily be repurposed to compromise other industrial controllers, putting widespread critical infrastructure at risk.
By Lucian Constantin | Jul 23, 2024 | 5 mins | Malware, Critical Infrastructure, Network Security

[news] Google abandons plans to drop third-party cookies in Chrome
Chrome will now allow users to either experience web browsing within the Privacy Sandbox setting or continue to have traditional cross-site cookies activated.
By Shweta Sharma | Jul 23, 2024 | 1 min | Browser Security

[news] Wiz shocks the tech world as it rejects Google’s $23 billion bid
The Israeli cybersecurity startup is now looking at raising money through an initial public offering.
By Gyana Swain | Jul 23, 2024 | 3 mins | Technology Industry

[feature] NHIs may be your biggest — and most neglected — security hole
Because IT has so little visibility into non-human identities, attackers are increasingly seeking them out as ultra-easy onramps to everything of value in your enterprise. The solution? Stop treating NHIs as though they are another human end-user.
By Evan Schuman | Jul 23, 2024 | 9 mins | Application Security, Identity and Access Management, Network Security

[opinion] Early IT takeaways from the CrowdStrike outage
As the IT world recovers from the massive outage triggered by CrowdStrike’s Falcon update, CISOs and CIOs would be wise to keep a running ledger of lessons learned. Here are some initial considerations.
By Susan Bradley | Jul 23, 2024 | 8 mins | Incident Response, IT Strategy

[news] Daggerfly revamps malware toolkit with new backdoors
Previously unattributed Macma linked to MgBot developers Daggerfly.
By Lucian Constantin | Jul 23, 2024 | 5 mins | MacOS Security, Threat and Vulnerability Management, Windows Security

[news] Data of 13 million MediSecure customers compromised in ransomware attack
MediSecure’s internal investigations revealed approximately 12.9 million customers had sensitive personal and health data stolen in the attack.
By Shweta Sharma | Jul 22, 2024 | 4 mins | Data Breach, Ransomware

Popular topics

Generative AI

[news analysis] AI agents can find and exploit known vulnerabilities, study shows
By Maria Korolov | Jul 02, 2024 | 8 mins | Zero-day vulnerability, Generative AI, Vulnerabilities

[news] Microsoft warns of ‘Skeleton Key’ jailbreak affecting many generative AI models
By Shweta Sharma | Jun 27, 2024 | 4 mins | Generative AI, Vulnerabilities

[news] Meta delays launch of Meta AI in Europe over disagreement with regulators
By Lynn Greiner | Jun 17, 2024 | 3 mins | Regulation, Data Privacy, Generative AI

Cybercrime

[feature] How cybercriminals recruit insiders for malicious acts
By Dov Lerner | Jul 16, 2024 | 17 mins | Cybercrime

[feature] Logic bombs explained: Definition, examples, prevention
By Josh Fruhlinger | Jul 05, 2024 | 12 mins | Malware, Cybercrime, Security

[brandpost, sponsored by CyberArk] Why identity security Is essential to cybersecurity strategy
By Claudio Neiva, CyberArk’s Field Technology Director (LATAM), PAM and Identity Security | Jun 24, 2024 | 6 mins | Cybercrime

Careers

[feature] What savvy hiring execs look for in a CISO today
By Evan Schuman | Jul 16, 2024 | 10 mins | CSO and CISO, Careers, IT Leadership

[feature] More than a CISO: the rise of the dual-titled IT leader
By Rosalyn Page | Jul 10, 2024 | 8 mins | CSO and CISO, Careers, IT Leadership

[feature] CRISC certification: Exam, requirements, training, potential salary
By Josh Fruhlinger | Jul 09, 2024 | 8 mins | Certifications, IT Skills, IT Training

IT Leadership

[feature] 5 critical IT policies every organization should have in place
By Bob Violino | Jul 22, 2024 | 7 mins | Internet Security, Disaster Recovery, IT Strategy

[feature] Internships can be a gold mine for cybersecurity hiring
By Christine Wong | Jul 22, 2024 | 9 mins | CSO and CISO, Mentoring, Human Resources

[feature] If you’re a CISO without D&O insurance, you may need to fight for it
By Linda Rosencrance | Jul 08, 2024 | 7 mins | CSO and CISO, Insurance Industry, IT Leadership

Upcoming Events

[in-person event] CIO 100 Symposium & Awards
05/Aug-07/Aug | Aug 05, 2024 | The Broadmoor, Colorado Springs, CO | IDG Events

[in-person event] FutureIT Toronto
24/Sep | Sep 24, 2024 | Vantage Venues, Toronto | Events

[virtual event] FutureIT Canada
26/Sep | Sep 26, 2024 | Virtual Event | Events

In depth

[feature] Who owns your data? SaaS contract security, privacy red flags
Companies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.
By Andrada Fiscutean | Mar 27, 2024 | 10 mins | Data and Information Security

Podcasts

[podcasts, sponsored by Microsoft Security] Strengthen and Streamline Your Security
This podcast series, brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.
Data and Information Security

Ep. 03 | Episode 3: The Zero Trust Model
Mar 25, 2021 | 15 mins | Multi-factor Authentication, CSO and CISO, Remote Work

Ep. 04 | Episode 4: Reduce SOC burnout
Mar 29, 2021 | 15 mins | CSO and CISO, Phishing, Remote Work

Latest

Articles

[how-to] Download the unified endpoint management (UEM) platform enterprise buyer’s guide
By Bob Violino | Jul 26, 2024 | 1 min | Mobile Security, Endpoint Protection, Enterprise Buyer’s Guides

[brandpost, sponsored by Fortinet] Key considerations for adopting a platform approach to cybersecurity
By Nirav Shah | Jul 22, 2024 | 5 mins | Security

[news] CrowdStrike CEO apologizes for crashing IT systems around the world, details fix
By Peter Sayer | Jul 20, 2024 | 4 mins | Security

Podcasts

[podcast] CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi)
Jul 17, 2024 | 17 mins | CSO and CISO

[podcast] CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands
Jul 08, 2024 | 18 mins | CSO and CISO

[podcast] CSO Executive Sessions: Data protection in Malaysia
Jul 02, 2024 | 15 mins | CSO and CISO

Videos

[video] CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi)
Jul 17, 2024 | 17 mins | CSO and CISO

[video] Cybersecurity Insights for Tech Leaders: Addressing Dynamic Threats and AI Risks with Resilience
Jul 10, 2024 | 24 mins | CSO and CISO

[video] CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands
Jul 08, 2024 | 18 mins | CSO and CISO