news analysisCompanies skip security hardening in rush to adopt AIOrca Security’s analysis of major cloud infrastructure reveals widespread use of tools with known vulnerabilities, exposed AI models and data, misconfigured systems, and unencrypted data — all to capitalize quickly on AI.By Lucian ConstantinSep 19, 20247 minsCloud SecurityData and Information Security feature Personhood: Cybersecurity’s next great authentication battle as AI improvesBy Evan SchumanSep 18, 20248 minsAuthenticationIdentity Management Solutionsfeature AI-SPM buyer’s guide: 9 security posture management tools to protect your AI infrastructureBy David StromSep 17, 202410 minsSecurity PracticesSecurity InfrastructureEnterprise Buyer’s Guides news analysisDeepfakes break through as business threatBy Grant Gross Sep 19, 20245 minsSocial Engineering featureCybersecurity vet Madison Horn makes her bid for US CongressBy Christine Wong Sep 18, 20248 minsCSO and CISOGovernmentIT Leadership interviewDo boards understand their new role in cybersecurity?By Martha Heller Sep 18, 20246 minsIT Leadership newsMicrosoft fixes Authenticator design flaw after eight years overwriting accountsBy Evan Schuman Sep 17, 20245 minsAuthentication newsWarning to ServiceNow admins: Block publicly available KB articlesBy Howard Solomon Sep 17, 20246 minsData PrivacyConfiguration ManagementSecurity Practices news analysisRansomware whistleblower: Columbus could have avoided its mistakesBy Cynthia Brumfield Sep 17, 202414 minsGovernment ITRansomware More security newsfeatureWant to know how the bad guys attack AI systems? MITRE’S ATLAS can show youMITRE’s ATLAS threat landscape knowledge base for artificial intelligence is a comprehensive guide to the tactics and processes bad actors use to compromise and exploit AI systems.By Chris Hughes Sep 20, 2024 12 minsHackingThreat and Vulnerability ManagementMachine LearningfeatureWhat is pretexting? Definition, examples, and attacksPretexting is a social engineering attack that employs a fabricated scenario and character impersonation to win trust and gain access to data and accounts under false pretexts.By Josh Fruhlinger Sep 20, 2024 10 minsPhishingSocial EngineeringSecuritynewsReveal of Chinese-controlled botnet is another warning to CISOs to keep up with asset and patch managementBotnet has up to 260,000 compromised routers, firewalls, IP cameras, and more, says report from Five Eyes countries.By Howard Solomon Sep 19, 2024 6 minsBotnetsThreat and Vulnerability ManagementVulnerabilitiesnewsMicrosoft warns of ransomware attacks on US healthcareMicrosoft’s threat intelligence team observed the threat actor using a borrowed Gootloader infection to deploy INC ransomware on victim systems.By Shweta Sharma Sep 19, 2024 3 minsRansomwareopinionHow cybersecurity red teams can boost backup protectionsCollaboration between red teams (offensive security) and blue teams (defensive security) can help organizations identify vulnerabilities, test their defenses, and improve their overall security posture.By W. Curtis Preston Sep 18, 2024 1 minSecuritynewsAustralian cops bust underworld app through compromised software updatesThe authorities infiltrated Ghost’s distribution channel and modified updates to gain access to subscribers’ phones. By Shweta Sharma Sep 18, 2024 4 minsHackingCybercrimenewsMicrosoft re-categorizes fixed Trident bug as zero dayVoid Banshee exploited the Windows MSHTML bug in conjunction with another Microsoft zero day for info-stealing attacks.By Shweta Sharma Sep 17, 2024 3 minsZero-day vulnerabilitynews analysisEuropean digital identity: this is how the EU’s big bet is evolvingThe entry into force of the eIDAS2 Regulation, which promotes European digital identity, has set the clocks ticking for administrations and companies to propose their systems and thus facilitate interoperability for citizens — but there are challenges ahead.By María Ramos Domínguez Sep 17, 2024 7 minsIdentity Management SolutionsopinionWill potential security gaps derail Microsoft’s Copilot?Researchers and analysts warn about a variety of security problems with the company’s generative AI assistant — especially for enterprises that use it with Microsoft 365.By Preston Gralla Sep 17, 2024 6 minsGenerative AIData and Information SecurityopinionPreparing for the next big cyber threatThe chair of OT-ISAC Executive Committee outlines how to build a robust cyber resilience strategy to protect against ransomware, data breaches and emerging AI-powered attacks.By Steven Sim, Chair, Executive Committee, OT-ISAC Sep 17, 2024 6 minsEncryptionThreat and Vulnerability ManagementRisk ManagementnewsMicrosoft summit plots end of kernel access for EDR security clientsAfter years of stalling, the CrowdStrike incident has spurred Microsoft engineers to grasp the nettle. By John E. Dunn Sep 16, 2024 6 minsWindows SecurityEndpoint ProtectionnewsPort of Seattle says August cyberattack was Rhysida ransomwareThe port authority refused ransom demands and is now warning of a possible data leak.By Shweta Sharma Sep 16, 2024 3 minsData BreachRansomwareTransportation and Logistics Industry Show more Show less Explore a topic Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security View all topics All topics Close Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security Privacy Risk Management Security Security Infrastructure Software Development Vulnerabilities Popular topicsGenerative AI newsLLMs fueling a “genAI criminal revolution” according to Netcraft reportBy Lynn Greiner Aug 30, 2024 5 minsPhishingHackingGenerative AI featureCustodians looking to beat offenders in gen AI cybersecurity battleBy Shweta Sharma Aug 21, 2024 8 minsGenerative AISecurity Software newsGenerative AI takes center stage at Black Hat USA 2024By Shweta Sharma Aug 08, 2024 6 minsBlack HatGenerative AISecurity Software View topic Cybercrime analysisThe 18 biggest data breaches of the 21st centuryBy Michael Hill, Dan Swinhoe and John Leyden Sep 12, 2024 18 minsData BreachPhishingRSA Conference newsThe US offers a $2.5M bounty for the arrest of Angler Exploit Kit co-distributorBy Shweta Sharma Aug 29, 2024 3 minsHackingCybercrime newsRansomware attack paralyzes milking robots — cow deadBy Martin Bayer Aug 07, 2024 2 minsRansomwareAgriculture IndustryCybercrime View topic Careers featureWhat’s next after the CISO role?By Rosalyn Page Sep 09, 2024 10 minsCSO and CISOCareersIT Leadership feature12 hottest IT security certs for higher pay todayBy Eric Frank Sep 04, 2024 14 minsCertificationsIT SkillsCareers featureWomen in Cyber Day finds those it celebrates ‘leaving in droves’By Howard Solomon Aug 30, 2024 8 minsCareersIT Leadership View topic IT Leadership featureImmediate threats or long-term security? Deciding where to focus is the modern CISO’s dilemmaBy Linda Rosencrance Sep 11, 2024 8 minsCSO and CISOSecurity PracticesIT Leadership featureWant to get ahead? Four activities that can enable a more proactive security regimeBy Mary K. Sep 10, 2024 12 minsCSO and CISOSecurity PracticesIT Leadership featureHow not to hire a North Korean IT spyBy John Leyden Aug 28, 2024 11 minsIT Leadership View topic Upcoming Events24/Sep in-person event FutureIT TorontoSep 24, 2024Vantage Venues, Toronto Events 26/Sep virtual event FutureIT CanadaSep 26, 2024Virtual Event Events 08/Oct in-person event FutureIT DallasOct 08, 2024AT&T Stadium Events View all events In depth featureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada FiscuteanMar 27, 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.4 episodesData and Information Security Ep. 03 Episode 3: The Zero Trust Model Mar 25, 202115 mins Multi-factor AuthenticationCSO and CISORemote Work Ep. 04 Episode 4: Reduce SOC burnout Mar 29, 202115 mins CSO and CISOPhishingRemote Work Show me moreLatestArticlesPodcastsVideos brandpost Sponsored by Fortinet Need better network performance? Adopt better secure networking strategies By Chris Hinsz Sep 19, 20245 mins Security brandpost Sponsored by Cyber NewsWire SpyCloud Unveils Massive Scale of Identity Exposure Due to Infostealers, Highlighting Need for Advanced Cybersecurity Measures By Cyber NewsWire – Paid Press Release Sep 18, 20246 mins CyberattacksSecurity brandpost Sponsored by Fortinet Navigating the future of OT security By Richard Springer Sep 17, 20245 mins Security podcast CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe Aug 07, 202417 mins CSO and CISO podcast CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi) Jul 17, 202417 mins CSO and CISO podcast CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands Jul 08, 202418 mins CSO and CISO video CSO Executive Sessions: DocDoc’s Rubaiyyaat Aakbar on security technology Sep 12, 202419 mins Healthcare IndustryArtificial IntelligenceSecurity video CSO Executive Sessions: Hong Kong Baptist University’s Allan Wong on security leadership Sep 05, 202410 mins Education IndustryIT Leadership video CSO Executive Sessions: EDOTCO’s Mohammad Firdaus Juhari on safeguarding critical infrastructure in the telecommunications industry Sep 05, 202411 mins Telecommunications IndustryCritical InfrastructureSecurity