CISO Featured "We're becoming scapegoats": How have CISOs responded to SEC cyber risk disclosure rules? On the anniversary of the new rules, we speak to industry experts to find out how (and if) things have changed.
SolarWinds SolarWinds and its CISO not off the hook over “materially misleading” security statement "Flat falsehoods" says district judge of public security statement -- but dismisses multiple other SEC claims.
Sponsored CEOs and CIOs need to start accepting “red” security dashboards. Two CISOs explain why... No plan survives contact.
Cybersecurity Feds to CIOs: Actively ask your vendors if they’ve done a SQLi audit... Fix up, look sharp: Uncle Sam is running out of patience with tech firms shipping insecure software. Vendors? Get familiar with the phrase "query parameterization"...
Sponsored Flooded airports, DORA, and IT-security siloes: Cohesity's Mark Molyneux on cyber-resilience Many organisations "don't understand the capabilities that IT can provide to security and that security can provide to IT" says the Barclays veteran. CIOs and CISOs should...
CISO Cisco names former Palo Alto Networks CTO as new CISO in key region APAC security veteran returns after a break recharging.
cybersecurity How CISOs can make sure a cyber insurance claim pays out Leading insurer highlights “shocking blind spots” that “happen over and over again on a daily basis” to invalidate claims.
Cybersecurity Turf wars? NIST to fix NVD backlog by September – insists it’s right agency to run vulnerability database Update comes after CISA started enriching CVEs itself…
Microsoft Microsoft unleashes new Deputy CISOs, will tie leadership compensation to security AWS’s CISO sniffs that “our security culture starts at the top”
LLMs No, LLMs aren’t about to “autonomously” hack your company Welcome to your latest episode of “is this exciting or is this mild AI exaggeration™”
cybersecurity CISO-CEO communication gaps continue to undermine cybersecurity Qualys CEO says disconnect can hinder effective security strategies.
NVD As NVD flatlines, cybersecurity professionals call for urgent action Consortium plans “doomed” as rumours swirl over vulnerability database program borkage.
Cybersecurity Sisense breach: CISO posts guidance amid frantic community action "They have direct access to JDBC connections, to SSH, and to SaaS platforms... This is a worst case scenario"
Microsoft Microsoft roasted over “cascade of security failures” – authentication system utterly broken "A corporate culture that deprioritized both enterprise security investments and rigorous risk management."
cybersecurity Malicious backdoor, CVSS 10, slipped onto major Linux distributions Poisoned Easter eggs for all: Apparent supply chain attack caught mercifully early…
cybersecurity UK nuclear waste firm Sellafield Ltd. prosecuted over cyber failings Prosecution follows allegations of extensive pwnage, desperately poor hygiene, and comes as CISO falls on his sword.
CISO Anthropic’s CISO drinks the AI kool aid - backpedals frantically on security analysis claim "The entire analysis from the original post is wrong. It shows only the negative value of using LLM in such cases..."
Microsoft Featured Microsoft customers are being targeted after Redmond's source code, secrets were stolen A raid by Russian hackers penetrated deeper than first thought: "Some of these secrets were shared between customers and Microsoft..."
CNI Less talk, more action on CNI cyber resilience, say White House advisors "Almost no information is currently available to indicate how an organization is preparing for future cyber-physical challenges. This has to change."
Fortinet Fortinet patches MORE pre-auth RCEs, with exploits reported. Ivanti also slips out a fresh VPN fix... "Disable SSL VPN (disable webmode is NOT a valid workaround..."
Microsoft How Russian spooks hacked Microsoft, the gap in its “morally indefensible” response, and what CISOs can learn from the attack Expect to start hearing more about MS Graph...
vulnerabilities vCenter Server vulnerability was exploited unnoticed for two years. Attacks are ongoing There are no workarounds that remove the vulnerability, which allows unauthenticated remote command execution on vulnerable systems. A patch is available.
Members only cybersecurity OpenAI, TikTok, X hunt insider threat specialists -- on widely diverging salary bands
CISO Microsoft appoints a new Global CISO amid security leadership shakeup "A storied career in high-scale/high-security, demanding environments"