Infosecurity News
CISO Confidence in AI Security Grows as GenAI Adoption Rises
Nearly six out of ten surveyed ClubCISO members are confident AI is used securely in their organizations
Infosecurity News
UK Lags Europe on Exploited Vulnerability Remediation
UK organizations are less likely than their European peers to have known exploited bugs but take longer to fix them
The Record
SEC to require financial firms to have data breach incident plans
“The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify,” SEC Chair Gary Gensler said. “That’s good for investors.”
Infosecurity News
A Third of CISOs Have Been Dismissed “Out of Hand” By the Board
Trend Micro research claims CISOs are often ignored or dismissed as “nagging” by their board
The Cyber Express
The Cyber Express Sets the Stage to Host World CyberCon META Edition 2024 in Dubai
This May, the heartbeat of the cybersecurity industry will resonate through Dubai, where The Cyber Express is set to host
Security Magazine
25% of CISOs in tech are not satisfied with their compensation
A report detailing tech CISO compensation, mobility and job position satisfaction shows that a quarter of CISOs are unhappy with their compensation.
The Record
Okta’s security chief on the company’s own cyberattack and how the ‘battleground’ has shifted
Okta Chief Security Officer David Bradbury discusses lessons from the incident, how nation-state threats are evolving, and how AI is already influencing identity-based attacks.
Infosecurity News
RSAC: How CISOs Should Protect Themselves Against Indictments
Experts at the RSA Conference discussed what CISOs can do to protect themselves against legal pressure
SecurityWeek
RSA Conference 2024 – Announcements Summary (Day 3)
Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.
CSO
Palo Alto launches AI-powered solutions to fight AI-generated cyberthreats
The suite is powered by Palo Alto’s proprietary solution, Precision AI, which integrates machine learning, deep learning, and generative AI technologies.
DarkReading
CISOs Are Worried About Their Jobs & Dissatisfied With Their Incomes
The research shows a significant drop in the number of tech CISOs that got a base salary increase in the past year — roughly 18% year over year.
The Hacker News
A SaaS Security Challenge: Getting Permissions All in One Place
Achieve regulatory compliance with ease. A permissions inventory enables access recertification, SOD checks, and controlled access to sensitive data.
Infosecurity News
A Third of Tech CISOs Are Unhappy With Their Income
New IANS Research data finds many tech CISOs are concerned about their compensation as salaries stagnate
DarkReading
What's the Future Path for CISOs?
A panel of former CISOs will lead the closing session of this week's RSA Conference to discuss challenges and opportunities.
Infosecurity News
Three Battle-Tested Tips for Surviving a Cyber-Attack
CISOs share their experience of managing real-life cyber incidents provide their recommendations to survive cyber-attacks
DarkReading
LLMs & Malicious Code Injections: 'We Have to Assume It's Coming'
Large language models promise to enhance secure software development life cycles, but there are unintended risks as well, CISO warns at RSAC.
.png)
Cyber Security News
Internal Communication Gaps Exposes Organizations to Cyber Attacks
However, a significant communication gap within organizations is increasingly a vulnerability, exposing to sophisticated cyber threats.
DarkReading
CISO Corner: Verizon DBIR Lessons; Workplace Microaggression; Shadow APIs
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: a Tech Tip on setting up DMARC, a DNS mystery from Muddling Meerkat, and a cybersecurity checklist for M&A transitions.
DarkReading
GAO: NASA Faces 'Inconsistent' Cybersecurity Across Spacecraft
The space agency needs to implement stricter policies and standards when it comes to its cybersecurity practices, but doing so the wrong way would put machinery at risk, a federal review found.
SecurityWeek
Microsoft Overhauls Cybersecurity Strategy After Scathing CSRB Report
Microsoft security chief Charlie Bell pledges significant reforms and a strategic shift to put security above all other product features.
CyberSecurity Dive
Microsoft restructures security governance, aligning deputy CISOs and engineering teams
The company will enhance management roles under the CISO and partially tie compensation to security performance.
Security Magazine
Verizon 2024 Data Breach Report shows the risk of the human element
The 2024 Data Breach Investigations Report reveals the role that the human element plays in cyber threats, and security leaders are weighing in.
CSO
Microsoft continues to add, shuffle security execs in the wake of security incidents
The company has appointed new product security chiefs as well as a customer-facing CISO as it continues to respond to high-profile attacks on its products and own network.
Infosecurity News
Three-Quarters of CISOs Admit App Security Incidents
Dynatrace research claims global CISOs are concerned AI is driving advanced app security threats and poor developer practices
CSO
NIST publishes new guides on AI risk for developers and CISOs
Companion publications to NIST’s AI Risk Management Framework explore a long worry list in more detail and are likely to become essential reading for security professionals.
SecurityWeek
CISO Conversations: Talking Cybersecurity With LinkedIn's Geoff Belknap and Meta's Guy Rosen
SecurityWeek discusses cybersecurity leadership with Geoff Belknap, CISO at LinkedIn, and Guy Rosen, CISO at Facebook parent company Meta.
DarkReading
Verizon DBIR: Basic Security Gaffes Cause Breach Surge
MOVEit drove a big chunk of the increase, but social engineering and failure to patch led to a doubling of data breaches since 2023, said Verizon Business.
CSO
Most attacks affecting SMBs target five older vulnerabilities
Attackers target flaws for a reason: Even years after they are discovered, they still work.
SecurityWeek
Should Cybersecurity Leadership Finally be Professionalized?
Professionalization could be a solution to the increased cybersecurity risk for corporate and national security; and the mental health and even physical liberty of CISOs. But it’s not easy.
Security Magazine
72% of CISOs believe AI solutions may lead to security breaches
A new report surveyed more than 400 CISOs from the United States and the United Kingdom to gauge their challenges, priorities and initiatives.
SC Magazine
Ten years of Heartbleed: Lessons learned
A look back at the Heartbleed bug and measuring its’ legacy, impact and how some view one of cybersecurity’s biggest headaches as an important learning moment.
The Record
Standard Chartered CEO on why cybersecurity has become a 'disproportionately huge topic' at board meetings
The CEO of one of the largest banks in the world discusses cryptocurrency and artificial intelligence, as well as how he's been able to influence cybersecurity culture.
DarkReading
CISO Corner: Evil SBOMs; Zero-Trust Pioneer Slams Cloud Security
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: security license mandates; a move to four-day remediation requirements; lessons on OWASP for LLMs.
Security Magazine
93% of security leaders anticipate daily AI attacks by 2025
Security leaders predict that AI will become a more prevalent tool in the tool kit of cybercriminals, potentially powering a range of cyberattacks.
CyberSecurity Dive
What is success in cybersecurity? Failing less.
Defenders aren’t measured by pure wins or losses. Intrusions will happen, and their job is to keep a bad situation from getting worse.
Infosecurity News
High Performance Podcast Duo to Unveil Secrets of Success at Infosec
Jake Humphrey and Professor Damian Hughes, the minds behind the High Performance Podcast, share their top non-negotiable behaviours for success in cybersecurity
CSO
Cisco urges immediate software upgrade after state-sponsored attack
Hackers exploited previously undetected vulnerabilities in Cisco’s Adaptive Security Appliances — a product that combines multiple cybersecurity functions.
Infosecurity News
Security Leaders Braced for Daily AI-Driven Attacks by Year-End
Netacea research found that 93% of security leaders expect to face daily AI-driven attacks by the end of 2024, with 65% predicting that offensive AI will be the norm for cybercriminals
Infosecurity News
Fifth of CISOs Admit Staff Leaked Data Via GenAI
One in five UK organizations have had corporate data exposed unwittingly by employees using generative AI
The Hacker News
Pentera's 2024 Report Reveals Hundreds of Security Events per Week, Highlighting the Criticality of Continuous Validation
With enterprises using 53 different security solutions, why are breaches still a frequent reality? Unpack the paradox in our latest report.
CyberSecurity Dive
Majority of businesses worldwide are implementing zero trust, Gartner finds
Programs are typically sponsored by C-suite executives, while the CISO is often tasked with execution, according to Gartner.
The Cyber Express
Beyond 24/7: How Smart CISOs are Rethinking Threat Hunting
By Andrew Hural, VP of Managed Detection and Response, UnderDefense Do you know how firefighters famously run to their stations
DarkReading
CISO Corner: Breaking Staff Burnout, GPT-4 Exploits, Rebalancing NIST
SecOps highlights this week include the executive role in "cyber readiness;" Cisco's Hypershield promise; and Middle East cyber ops heat up.
SecurityWeek
BreachRx Raises $6.5M to Revamp Incident Response Reporting Systems
Investors make an early-stage $6.5 million bet on BreachRx, a startup promising to shield cybersecurity executives from personal liability.
DarkReading
Break Security Burnout: Combining Leadership With Neuroscience
Industry leaders aim to solve the threat to both the mental health of workers and security of organizations with solutions that recognize the enormous pressures facing cybersecurity professionals.
Infosecurity News
Trust in Cyber Takes a Knock as CNI Budgets Flatline
Bridewell report reveals critical infrastructure firms are losing faith in their defensive tooling
Infosecurity News
Report Suggests 93% of Breaches Lead to Downtime and Data Loss
According to Pentera, firms are allocating 13% of their total IT security budgets to pentesting
Security Affairs
Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
CyberSecurity Dive
Cybersecurity jobs pay well, but gender disparities persist
ISC2’s analysis found significant financial upside for professionals in U.S. cybersecurity jobs, but there are gaps across levels of seniority by gender.
Krebs on Security
Why CISA is Warning CISOs About a Breach at Sisense
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard.…
CSO
Boys’ club mentality still a barrier to women’s success in cybersecurity careers
Employers’ efforts to hire and retain more women in cybersecurity roles can be undermined by a hostile working environment.
The Hacker News
Hands-on Review: Cynomi AI-powered vCISO Platform
Need to scale vCISO services without draining your resources? Cynomi's AI-driven platform automates security assessments, compliance readiness, policy
SecurityWeek
Data Security Firm Cyera Raises $300 Million at $1.4 Billion Valuation
Data security company Cyera’s latest $300 million funding round brings the total raised by the firm to $460 million, at unicorn valuation.
CyberSecurity Dive
CISO role shows significant gains amid corporate recognition of cyber risk
A report from Moody’s Ratings shows CISOs and other senior-level cyber executives have become key decision makers within the C-suite.
SecurityWeek
CISO Conversations: Nick McKenzie (Bugcrowd) and Chris Evans (HackerOne)
SecurityWeek discusses the CISO role with CISOs from crowdsourced hacking firms: Nick McKenzie at Bugcrowd and Chris Evans at HackerOne.
DarkReading
CISO Corner: Ivanti's Mea Culpa; World Cup Hack; CISOs & Cyber-Awareness
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Dealing with a Ramadan cyber spike; funding Internet security; and Microsoft's Azure AI changes.
The Hacker News
CISO Perspectives on Complying with Cybersecurity Regulations
Navigating cybersecurity compliance just got easier. Our latest blog taps into the wisdom of CISOs to share strategies for managing data security requ
Computerworld
A phish by any other name should still not be clicked
Why are so many companies sending out emails to customers that look like phasing attempts? Don't they pay attention to their own security efforts?
DarkReading
Ivanti Pledges Security Overhaul the Day After 4 More Vulns Disclosed
So far this year, Ivanti has acknolwdged a total of 11 flaws — many of them critical — in its remote access products.
Infosecurity News
Deepfake Expert Henry Ajder to Keynote Infosecurity Europe 2024 on AI
Infosecurity Europe 2024 will feature a keynote presentation by deepfake expert Henry Ajder, exploring the implications of generative AI on cybersecurity
DarkReading
CISO Corner: Cyber-Pro Swindle; New Faces of Risk; Cyber Boosts Valuation
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Australia gets its cyber-groove back, and 2023's zero-day field day.
SecurityWeek
The Complexity and Need to Manage Mental Well-Being in the Security Team
Avoiding burnout in cybersecurity: Mental well-being is essential but is under constant threat from stress in the cybersecurity profession.
CyberSecurity Dive
Boards need to brush up on cybersecurity governance, survey finds
SEC cyber disclosure rules are calling attention to corporate boards’ need to enhance their approach to cybersecurity oversight and compliance.
DarkReading
Corporations With Cyber Governance Create 4X More Value
Those with special committees that include a cyber expert rather than relying on the full board more likely to improve security and financial performance.
CyberSecurity Dive
How CISO salaries are faring as businesses ask more of security
As CISOs become more welcomed as full members of the C-suite, they are enjoying the compensation and perks that come with the status.
CyberSecurity Dive
Security concerns creep into generative AI adoption
As the AI ecosystem grows and more tools connect to internal data, threat actors have a wider field to introduce vulnerabilities.
SecurityWeek
UK Firm Think Cyber Raises $3.8 Million for Staff Security Nudging
Think Cyber focuses on reducing "bad" staff behavior with a solution designed to increase secure behavior through the concept of ‘nudging’.
CyberSecurity Dive
The nation’s first academic space cybersecurity program welcomes the 2nd cohort
IU’s new Space Governance Lab is breaking new grounds (or spaces) again.
SC Magazine
GoFetch: Apple chips vulnerable to encryption key stealing attack
Data memory-dependent prefetching can enable side-channel extraction of cryptographic secrets.
SecurityWeek
Risk and Regulation: Preparing for the Era of Cybersecurity Compliance
The next twelve months will see the implementation of several regulations designed to improve cybersecurity standards across various industries.
Trend Micro
NIST Launches Cybersecurity Framework (CSF) 2.0
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the official 2.0 version of the Cyber Security Framework (CSF).
DarkReading
5 Ways CISOs Can Navigate Their New Business Role
CISOs can successfully make their business operations more secure and play a larger role in the organization's overall strategy, but there are pitfalls to avoid, Forrester analysts warn.
Bleeping Computer
Avoid high cyber insurance costs by improving Active Directory security
With the growing number of data breaches and cyberattacks, insurance premiums are increasing. Learn more from Specops Software about how securing an Activity Directory could lead to lower cyber insurance premiums.
The Hacker News
Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In
New SEC Cyber Disclosure Rules demand more transparency on cyber risk management. Is your company ready to comply and showcase its cybersecurity resil
CyberSecurity Dive
Security consultation is a non-negotiable for M&A activity
Over 20% of external cloud services change monthly. Without visibility, it is easy to lose track of changes and prevent risks. Get the report to learn more.
DarkReading
6 CISO Takeaways from the NSA's Zero-Trust Guidance
All companies — and not just federal agencies — should aim to adopt the "network and environment" pillar of the National Security Agency's zero-trust guidelines.
The Hacker News
3 Things CISOs Achieve with Cato
CISOs globally are turning to Cato SSE 360 for seamless SASE and SSE transitions, achieving top results in visibility, threat prevention, and data sov
SecurityWeek
Webinar Today: CISO Strategies for Boardroom Success
Webinar: CISO Strategies for Boardroom Success - Discussion will address the emerging responsibilities for the CISO role.
.jpg?disable=upscale&width=1200&height=630&fit=crop)
DarkReading
The CISO Role Is Changing. Can CISOs Themselves Keep Up?
What happens to security leaders that don't communicate security well enough? "Ask SolarWinds."
DarkReading
CISO Corner: NSA Guidelines; a Utility SBOM Case Study; Lava Lamps
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps.
The Cyber Wire
Thoughts on International Women's Day 2024.
With March being Women's History Month, and March 8th the observance of International Women's Day, we assembled some thoughts and quotes with these themes in mind from women in our industry to share. Women make up about 25-26% of the cybersecurity workforce. You can read more about that in ISC2's Cyber Workforce Study 2023 here. Based on a recent survey here at N2K CyberWire, nearly a third of our responding audience is female which is up significantly from just a few years ago. We are very proud of the work we do at N2K Networks to support women in STEM. We recently published an encore of our Breaking Through: Securing the advancement of women in cybersecurity panel in honor of International Women's Day. In addition, we are highlighting the work of women in the industry throughout the month of March. We hope you enjoy this bonus content.
The Hacker News
Secrets Sensei: Conquering Secrets Management Challenges
Unlock the secrets to robust cybersecurity with our guide on secrets management. Learn the common mistakes, lesser-known pitfalls.
The Cyber Express
Shattering the Glass Ceiling: 7 Strategies to Inspire Inclusion and Empower Women in Cybersecurity
In the fast-paced world of cybersecurity, diversity isn't just a buzzword; it's a necessity for success. Yet, the door to
The Cyber Express
Human Error, Not Hackers, Top Cybersecurity Threat, Say CTOs
In today's digital landscape, the threat of cyberattacks looms large, with organizations facing increasingly sophisticated threats. According to research conducted
The Hacker News
From 500 to 5000 Employees - Securing 3rd Party App-Usage in Mid-Market Companies
Facing the SaaS security maze? Discover how mid-market companies are navigating the complexities of rapid growth and evolving threats.
DarkReading
CISO Corner: Operationalizing NIST CSF 2.0; AI Models Run Amok
Dark Reading's roundup of strategic cyber-operations insights for chief information security officers and security leaders. Also this week: SEC enforcement actions, biometrics regulation, and painful encryption changes in the pike.
SC Magazine
AppSec survey reveals troubling trends
An eye-opening 92% of applications developed in-house were breached in the last year, survey respondents revealed in a report released Thursday.
The Hacker News
How to Prioritize Cybersecurity Spending: A Risk-Based Strategy for the Highest ROI
Cybersecurity isn't just about spending more; it's about spending smart. Discover how a risk-based approach can maximize your security ROI.
Infosecurity News
How Security Leaders Can Break Down Barriers to Enable Digital Trust
ISACA's Rob Clyde and Pam Nigro discuss how to advance digital trust in a security context
CyberSecurity Dive
CFOs take backseat to CISOs on SEC cyber rules
Less than half of finance chiefs are involved in the SEC's cybersecurity breach disclosure process, AuditBoard found.
DarkReading
Orgs Face Major SEC Penalties for Failing to Disclose Breaches
In what could be an enforcement nightmare, potentially millions of dollars in fines, reputational damage, shareholder lawsuits, and other penalties await companies that fail to comply with the SEC's new data-breach disclosure rules.
Infosecurity News
OWASP Releases Security Checklist Generative AI Deployment
The OWASP Foundation provides new guidelines to deploy secure-by-design LLM use cases
SecurityWeek
Cyber Insights 2024: Ransomware
The ransomware threat will continue to grow and expand. It is the quintessential business plan for cybercriminals.
DarkReading
CISO Corner: CIO Convergence, 10 Critical Security Metrics, & Ivanti Fallout
Also in this issue: Mideast investment, new FCC breach notification rules, and how Dark Reading readers use GenAI tools in their cybersecurity apparatus.
SecurityWeek
Beyond the Hype: Questioning FUD in Cybersecurity Marketing
The cybersecurity industry must question marketing claims and use of Fear, Uncertainty, and Doubt (FUD) and misinformation to sell products.
SC Magazine
Prudential Financial reports Feb. 4 cyberattack in SEC filing
Security pros say more companies will report early in 8-K filings even if there’s no “material impact.”
DarkReading
Middle East & Africa CISOs Plan to Increase 2024 Budgets by 10%
New data shows higher-than-expected cybersecurity growth in the Middle East, Turkey, and Africa region, thanks to AI and other factors.
SecurityWeek
Seeing is Believing… and Securing
Marsh says by adopting its recommended controls, 14% of its customers enjoyed lower cyber insurance premiums in the past year.
Trend Micro
SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes
This entry aims to provide additional context to CVE-2024-21412, how it can be used by threat actors, and how Trend protects customers from this specific vulnerability.
CSO
New API security startup claims edge over legacy protection capabilities
Vorlon API security scans existing all in-house and third-party APIs an organization uses to detect anomalies and malicious connections.
Loading more articles....