Latest from todayfeature7 biggest cybersecurity stories of 2024CrowdStrike, Change Healthcare, rising ransomware threats and cyber regulations — here’s what dominated the headlines this year and how CISOs and cyber pros are adapting.By John Leyden24 Dec 202410 minsData BreachRansomwareRegulation feature Top 7 zero-day exploitation trends of 2024By Lucian Constantin23 Dec 202411 minsSecurityThreat and Vulnerability ManagementVulnerabilitiesopinion Enhance Microsoft security by ditching your hybrid setup for Entra-only joinBy Susan Bradley20 Dec 20247 minsCloud SecuritySecurity PracticesWindows Security featureThe 10 biggest issues CISOs and cyber teams face todayBy Mary K. Pratt 28 Oct 202410 minsCSO and CISOCyberattacksRegulation newsUS order is a reminder that cloud platforms aren’t secure out of the boxBy Howard Solomon 20 Dec 20245 minsCloud SecurityGovernment IT newsRussia fires its biggest cyberweapon against UkraineBy Gyana Swain 20 Dec 20244 minsCyberattacksSecurity featureTop security solutions being piloted today — and how to do it rightBy Eric Frank 19 Dec 202410 minsIT StrategySecurity featureSecurity leaders top 10 takeaways for 2024By Rosalyn Page 16 Dec 202411 minsCSO and CISOIT Leadership featureThe 7 most in-demand cybersecurity skills todayBy Eric Frank 12 Dec 202411 minsApplication SecurityCloud SecurityCompliance More security newsnewsUS eyes ban on TP-Link routers amid cybersecurity concernsExperts warn that hacked devices can serve as entry points for corporate espionage, DDoS attacks on enterprise systems, and the interception of sensitive information over VPNs.By Gyana Swain 19 Dec 2024 5 minsNetwork SecuritySecurityVulnerabilitiesnewsEuropean authorities say AI can use personal data without consent for trainingThe European Data Protection Board advised national regulators to allow personal data to be used for AI training, as long as the final product doesn’t reveal personal information.By Evan Schuman 18 Dec 2024 7 minsData PrivacyGDPRnewsCisco grabs SnapAttack for threat detectionSnapAttack, a privately held company headquartered in Arlington, Virg., is known for its threat detection and engineering platform.By Michael Cooney 18 Dec 2024 1 minMergers and AcquisitionsNetwork SecuritySecuritynewsA new ransomware regime is now targeting critical systems with weaker networksRansomware entrants are already gaining prominence for using VPN flaws to gain access and maintain persistence in critical industrial systems.By Shweta Sharma 18 Dec 2024 4 minsRansomwareSecuritynewsMeta hit with $263 million fine in Europe over 2018 data breachThis latest penalty adds to a series of GDPR fines against Meta, bringing the total to $3 billion. By Prasanth Aby Thomas 18 Dec 2024 4 minsData BreachGDPRSecurityfeatureKey strategies to enhance cyber resilienceTo avoid costly downtime and brand reputational damage security experts offer four key measures to ensure the minimal amount of downtime possible during an unplanned event.By Jaikumar Vijayan 18 Dec 2024 7 minsCloud SecurityCyberattacksData and Information SecurityopinionCISOs should stop freaking out about attackers getting a boost from LLMsWhy bad actors are not gaining the upper hand in their nefarious plans with assistance from AI but more likely finding themselves falling a little behind. By Christopher Whyte 18 Dec 2024 8 minsCSO and CISOHacker GroupsHackingnewsThis new cipher tech could break you out of your Gen AI woesAs companies scramble for tougher shields against Gen AI risks, homomorphic encryption steps into the spotlight, bringing a unique superpower: it can crunch encrypted data without ever cracking it open. By Shweta Sharma 17 Dec 2024 7 minsEncryptionGenerative AISecuritynewsLesson from latest SEC fine for not completely disclosing data breach details: ‘Be truthful’After a Michigan financial institution agrees to pay US$7 million in regulatory fines, an expert says CISOs and boards should realize proper public disclosure ‘isn’t rocket science.’By Howard Solomon 17 Dec 2024 6 minsData BreachRegulationnewsAttackers exploit zero-day RCE flaw in Cleo managed file transfer The exploit takes advantage of a known file upload vulnerability that was not efficiently patched and can still be exploited in up-to-date versions of Cleo LexiCom, VLTrader and Harmony products.By Lucian Constantin 17 Dec 2024 6 minsVulnerabilitiesZero-day vulnerabilitynewsThat cheap webcam? HiatusRAT may be targeting it, FBI warnsCyberattackers are scanning for vulnerable web cameras and DVRs to install a remote access Trojan previously used against the DoD and over a hundred companies.By Tristan Fincken 17 Dec 2024 3 minsCyberattacksSecurityVulnerabilitiesnewsUS moves to tighten restrictions on China Telecom amid security fearsLast week, the government issued a preliminary ruling deeming China Telecom Americas’ US network and cloud operations a national security risk.By Prasanth Aby Thomas 17 Dec 2024 1 minCloud SecuritySecurityTelecommunications Industry Show more Show less Explore a topic Generative AI Application Security Business Continuity Business Operations Careers Cloud Security Compliance Critical Infrastructure Cybercrime Identity and Access Management Industry IT Leadership Network Security Physical Security View all topics Spotlight: Optimizing the Cloud Articles • Buyer’s Guide Cloud computing is now standard technology for business, so IT must now navigate its costs, security, and optimization at a whole new level. View all Popular topicsGenerative AI brandpostSponsored by Microsoft SecurityThe imperative for governments to leverage genAI in cyber defenseBy Alvaro Vitta, Microsoft Global CyberSecurity Lead, Public Sector 11 Dec 2024 5 minsGenerative AISecurity featureGen AI use cases rising rapidly for cybersecurity — but concerns remainBy John Leyden 09 Dec 2024 8 minsGenerative AISecurity Operations CenterSecurity Practices news analysis10 most critical LLM vulnerabilitiesBy Maria Korolov and Michael Hill 03 Dec 2024 18 minsGenerative AIVulnerabilities View topic Cybercrime newsEuropol shutters 27 DDoS sites in major crackdownBy Mikael Markander 12 Dec 2024 2 minsCybercrimeDDoS newsEuropean law enforcement breaks high-end encryption app used by suspectsBy Evan Schuman 04 Dec 2024 7 minsCSO and CISOCybercrimeEncryption newsAustralia’s first Cyber Security Act passes both housesBy Samira Sarraf 25 Nov 2024 4 minsCybercrimeRansomwareRegulation View topic Careers featureTalent overlooked: embracing neurodiversity in cybersecurityBy Rosalyn Page 04 Dec 2024 12 minsCareersSecurity featureThe CSO guide to top security conferencesBy CSO Staff 29 Nov 2024 5 minsApplication SecurityEventsTechnology Industry feature17 hottest IT security certs for higher pay todayBy Eric Frank 22 Nov 2024 17 minsCareersCertificationsIT Skills View topic IT Leadership opinionDear CEO: It’s time to rethink security leadership and empower your CISOBy Tyler Farrar 05 Dec 2024 6 minsBusiness IT AlignmentCEOCSO and CISO opinionWant to be a cybersecurity pro? Use generative AI to get some simulated trainingBy Jon Oltsik 03 Dec 2024 6 minsCSO and CISOIT LeadershipIT Training featureHow not to hire a North Korean IT spyBy John Leyden 28 Nov 2024 11 minsIT Leadership View topic Upcoming Events12/Mar in-person event FutureIT Los Angeles12 Mar 2025The Biltmore Technology Industry 04/May-06/May in-person eventWork+ – The New Future of Work: AI, Emerging Tech & Where IT Can Lead04 May 2025Loews Vanderbilt Hotel Nashville Artificial Intelligence 25/Jun in-person event FutureIT Dallas25 Jun 2025Union Station Events View all events In depth FeatureWho owns your data? SaaS contract security, privacy red flagsCompanies looking to use SaaS solutions should involve the security team in the procurement process and pay attention to contract language.By Andrada Fiscutean27 Mar 202410 mins Data and Information Security Read the Article Podcasts podcastsSponsored by Microsoft SecurityStrengthen and Streamline Your SecurityThis podcast series brought to you by Microsoft and IDG, will explore the core components of a modern security strategy, with insights and tips from leading security experts. We’ll discuss how ongoing and ever-changing threats, a growing security stack, and a shift to remote work make it difficult for CISOs and their security teams to balance enterprise-grade security with end-user productivity.0 episodeData and Information Security Ep. 03 Episode 3: The Zero Trust Model 25 Mar 202115 mins CSO and CISOMulti-factor AuthenticationRemote Work Ep. 04 Episode 4: Reduce SOC burnout 29 Mar 202115 mins CSO and CISOPhishingRemote Work Show me moreLatestArticlesPodcastsVideos brandpost Sponsored by Microsoft Security From reactive to proactive: Redefining incident response with unified, cloud-native XDR By Matt Egen, Principal Security Global Black Belt at Microsoft 19 Dec 20244 mins SecuritySecurity Operations Center brandpost Sponsored by Fortinet Don’t overlook these key SSE components By Nirav Shah, SVP of Products and Solutions, Fortinet 18 Dec 20244 mins Security how-to Download our breach and attack simulation (BAS) buyer’s guide By Maria Korolov 18 Dec 20241 min CyberattacksData BreachPenetration Testing podcast CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe 07 Aug 202417 mins CSO and CISO podcast CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi) 17 Jul 202417 mins CSO and CISO podcast CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands 08 Jul 202418 mins CSO and CISO video CSO Executive Sessions: Open Source Institute’s Eric Nguyen on supply chain risks to critical infrastructure (Part 2) 14 Nov 202415 mins Critical InfrastructureIT GovernanceSupply Chain video CSO Executive Sessions: Open Source Institute’s Eric Nguyen on supply chain risks to critical infrastructure (Part 1) 04 Nov 202419 mins Critical InfrastructureSecuritySupply Chain video CSO Executive Sessions: Standard Chartered’s Alvaro Garrido on cybersecurity in the financial services industry 23 Oct 202410 mins Financial Services IndustrySecurity