Eine aktuelle Studie zeigt: Die Umsetzung von Cybersicherheitsmaßnahmen im DACH-Raum scheitert oft nicht an der Bereitschaft, sondern am Budget.| CSO Online
Nach einem Cybervorfall müssen CISOs die richtigen Strategien, Rollen und Prozesse zur Hand haben. Diese Tipps können helfen.| CSO Online
OT-Security unterscheidet sich grundlegend von IT-Security. Erfahren Sie, welchen Angreifern, Risiken und Bedrohungen Industrieanlagen gegenüberstehen und wie Unternehmen für Sicherheit sorgen können.| CSO Online
CISOs face increasing personal and criminal liability for improper or incomplete risk management and disclosure during cyber incidents. The SEC, DOJ and international regulators are targeting executives who knowingly omit or distort cyber risk information. Increasing attacks on IoT and OT device vulnerabilities Cyberattacks are increasingly driven by software vulnerabilities embedded in OT and IoT devices. The 2025 Verizon Data Breach Investigations Report noted that 20% of breaches were vuln...| How evolving regulations are redefining CISO responsibility | CSO Online
Microsoft has patched an indirect prompt injection flaw in Microsoft 365 Copilot that could have allowed attackers to steal sensitive data using clickable Mermaid diagrams. According to findings published by security researcher Adam Logue, the exploit could be triggered through specially crafted Office documents containing hidden instructions. When processed by Copilot, these prompts caused the assistant to fetch recent enterprise emails, convert them into a hex-encoded string, and embed that...| How evolving regulations are redefining CISO responsibility | CSO Online
Days after cybersecurity analysts warned enterprises against installing OpenAI’s new Atlas browser, researchers have discovered a vulnerability that allows attackers to infect systems with malicious code, granting themselves access privileges, or deploy malware. The development raises immediate questions about the enterprise readiness of AI-native browsers. The Atlas browser has come under scrutiny after researchers at LayerX Security revealed that attackers could exploit the flaw to inject...| How evolving regulations are redefining CISO responsibility | CSO Online
In August 2025, Volvo Group North America disclosed that it had been impacted by a data breach originating in its third-party HR software provider, Miljödata. Although Volvo insisted its internal systems remained untouched, the timeline of detection and disclosure raises questions about forensic readiness and incident-response maturity. Miljödata first detected suspicious activity on August 23, three days after what appeared to have been the initial intrusion. It wasn’t until September 2 ...| How evolving regulations are redefining CISO responsibility | CSO Online
Cyberangriffe stellen viele Banken und Versicherungen vor große Probleme.Golden Dayz – shutterstock.com Systemkritische Branchen wie die Finanzindustrie geraten immer häufiger ins Visier von Cyberkriminellen. Die Anzahl der Cyberangriffe hat sich in diesem Bereich im Vergleich zum Jahr 2021 versechsfacht. Das geht aus einer aktuellen Umfrage des Beratungs- und Softwarehauses PPI hervor, für die hierzulande 50 Banken und 53 Versicherungen befragt wurden. 64 Prozent der Befragten sehen Cyb...| How evolving regulations are redefining CISO responsibility | CSO Online
Looking back on my years in national defense, one lesson stands out above the rest: speed and coordination are everything. Waiting until the dust settles to act after an attack can mean major setbacks at best, or dire consequences at worst. The same rings true in enterprise cybersecurity. Reactive decisions post-breach are often too late to prevent financial losses or business disruptions. The stakes are especially high when the target is critical infrastructure — think hospitals, regional ...| How evolving regulations are redefining CISO responsibility | CSO Online
Bundesinnenminister Alexander Dobrindt (CSU) will im kommenden Jahr eine Gesetzesänderung zur Cyberabwehr vorstellen.hotocosmos1 – shutterstock.com Bundesinnenminister Alexander Dobrindt (CSU) stößt mit Plänen für eine aktive Cyberabwehr auf Zustimmung. Dabei geht es um Attacken auf die Urheber von Cyberangriffen gegen Deutschland, wenn deren Server im Ausland stehen. Grünen-Fraktionsvize Konstantin von Notz sagte dem Handelsblatt, man stehe dem Vorhaben offen gegenüber, wenn es de...| How evolving regulations are redefining CISO responsibility | CSO Online
Nearly half (47%) of organizations reported a cyberattack or data breach involving a third-party accessing their network in the 12 months to mid-2025, according to Imprivata and Ponemon report. As organizations increasingly rely on services providers to help manage critical systems and security operations – from cloud infrastructure and data platforms to managed security and AI services – the risk of exposure also grows. Security leaders face mounting pressure from boards to provide assur...| How evolving regulations are redefining CISO responsibility | CSO Online
Roughly 70% of security executives believe internal conflicts during a crisis cause more problems than the cyberattack itself. “CISO-CEO tension, unclear authority, unrehearsed scenarios, and communication gaps between key teams cripple breach response despite major investments in tools and talent,” concludes the Cytactic 2025 State of Cyber Incident Response Management (CIRM) Report, based on a survey of 480 senior US cybersecurity leaders. “Blurred authority and shifting responsibilit...| How evolving regulations are redefining CISO responsibility | CSO Online
Die Zahlung des Lösegelds nach einer Ransomware-Attacke ist keine Garantie für eine reibungslose oder gar erfolgreiche Wiederherstellung der Daten. AndryDj – shutterstock.com Zwei von fünf Unternehmen, die Cyberkriminellen für die Entschlüsselung von Ransomware bezahlen, können ihre Daten nicht wiederherstellen. Das hat eine weltweite Umfrage des Versicherungsanbieters Hiscox unter 1.000 mittelständischen Unternehmen ergeben. Die Ergebnisse zeigen, dass Ransomware nach wie vor eine g...| How evolving regulations are redefining CISO responsibility | CSO Online
On October 10, Europol, in cooperation with police authorities in Estonia, Finland, Latvia and Austria, raided a cybercrime-as-a-service (CaaS) network. During the raid, seven people were arrested who are believed to have swindled millions of euros through the criminal activity. In addition, five servers, 40,000 active SIM cards, four luxury cars, bank accounts and crypto wallets were seized, Europol said. In total, the network is suspected of having created 49 million fake accounts for users...| How evolving regulations are redefining CISO responsibility | CSO Online
Agenda ransomware group, popularly known as Qilin, has been abusing legitimate remote management and file transfer tools, security researchers revealed in a new disclosure. By deploying a Linux-based ransomware binary on Windows hosts, the threat actor has affected more than 700 victims since January 2025. According to Trend Micro findings, the cross-platform execution sidesteps Windows-centric detections and security solutions, including conventional endpoint detection and response platforms...| How evolving regulations are redefining CISO responsibility | CSO Online
As data sovereignty laws fracture the global internet, CSOs are scrutinizing ambitious new compliance blueprints, with their success or failure set to redefine security architectures for a generation. “Project Texas” may just be the most visible attempt to realign a global platform’s data, access and governance with U.S. jurisdiction and oversight. In practice, it is an in-country operating model: sensitive U.S. user data is localized, access is brokered under U.S. law and an external o...| How evolving regulations are redefining CISO responsibility | CSO Online
The CISO job is tough, and it’s getting tougher: 66% of security leaders surveyed for the 2025 State of Cybersecurity report from professional association ISACA said their roles are more stressful today than they were five years ago — in the midst of a pandemic. Dig into all they’re facing, and it’s no wonder why security leaders and their teams are stressed. CISOs are dealing with rising risks, competing priorities, limited budgets, and more. Here, they cite the 10 issues that are to...| How evolving regulations are redefining CISO responsibility | CSO Online
Identity & Access Management ist für sicherheitsbewusste Unternehmen im Zero-Trust-Zeitalter Pflicht. Das sind die besten IAM-Anbieter und -Tools. Foto: ne2pi – shutterstock.com Identität wird zum neuen Perimeter: Unternehmen verlassen sich immer seltener auf die traditionelle Perimeter-Verteidigung und forcieren den Umstieg auf Zero-Trust-Umgebungen. Sicherer Zugriff und Identity Management bilden die Grundlage jeder Cybersicherheitsstrategie. Gleichzeitig sorgt die Art und Weise, wie si...| How evolving regulations are redefining CISO responsibility | CSO Online
Are you sure you’re still alive? If so, you may fall for a phishing scam aimed at getting the master login passwords of LastPass password manager users. OK, this sounds weird, but in some ways it isn’t. If a person dies, their immediate family may not know how to get into the deceased’s password manager, and may contact the vendor asking for access. Scammers suspected of being part of the CryptoChameleon cyber criminal group are trying to take advantage of that by sending oddly-worded ...| How evolving regulations are redefining CISO responsibility | CSO Online
Microsoft released out-of-band patches on Thursday to “comprehensively” fix a critical vulnerability in the Windows Server Update Service (WSUS) after the first patches released on Oct. 14 proved insufficient. Attackers exploited the vulnerability in the wild after a detailed vulnerability analysis and proof-of-concept exploit were published this week. Tracked as CVE-2025-59287, the vulnerability stems from an unsafe deserialization of the AuthorizationCookie object in WSUS environments. ...| How evolving regulations are redefining CISO responsibility | CSO Online
Cybersecurity researchers could face criminal charges for performing their legitimate work if the United Nations Convention against Cybercrime is ratified in a process beginning in Hanoi, Vietnam, this weekend, critics say. Tech industry group Cybersecurity Tech Accord said today that little has changed since it presented a detailed critique of the UN Convention against Cybercrime more than a year ago. The group, comprising tech heavyweights Arm, Cisco, Cloudflare, Dell, Meta, Microsoft, Sale...| How evolving regulations are redefining CISO responsibility | CSO Online
Cybersecurity researchers from ESET have identified a new Lazarus Group campaign targeting European defense contractors, particularly those involved in unmanned aerial vehicle (UAV) development. According to ESET findings, the threat actors used fake job offers and trojanized open-source software, as is customary in their Operation Dreamjob campaigns, to infiltrate their targets. “Some of these are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation m...| How evolving regulations are redefining CISO responsibility | CSO Online
CISOs sollten jetzt handeln, um die Resilienz cyber-physischer Systeme zu stärken und so das „unterbrechungsfreie Leben“ zu gewährleisten.| CSO Online
Shadow IT — tech brought into an organization without the security team’s knowledge — continues to be a threat. Managing visibility through increased vigilance and employee education can help mitigate its dangers.| CSO Online
The cloud-native security provider wants to help customers gain visibility into all of their containers, as well as uncover a growing array of threats across multicloud environments.| CSO Online
With AI and generative AI capabilities on the rise, a shift toward consolidation and platforms over point solutions is redefining the IT security market — as well as its leading vendors.| CSO Online
CrowdStrike, Windows domain administration, SolarWinds — our implicit trust in admin software is a recipe for repeated disasters.| CSO Online
As the IT world recovers from the massive outage triggered by CrowdStrike’s Falcon update, CISOs and CIOs would be wise to keep a running ledger of lessons learned. Here are some initial considerations.| CSO Online
Malware-laced libraries add a new dimension to defending the software supply chain.| CSO Online
CrowdStrike Falcon Insight for IoT delivers tailored threat prevention, patch management, and interoperability across XIoT including IoT, OT, and medical devices.| CSO Online
Endpoint protection has come a long way since the days of dedicated antivirus servers. Here are the basic and more advanced features to look for in an enterprise endpoint protection suite.| CSO Online
Trump’s 2026 budget would slash cyber spending by over $1 billion from 2024 levels, a move that could weaken federal defenses, shrink the cyber talent pipeline, and strip state and local governments of vital grant funding.| CSO Online
Improperly managing your enterprise’s digital certificates can lead to security and operational risks.| CSO Online
Use of multifactor authentication is on the rise, but it needs to be done right to be effective as a security tool. Here‘s how to protect your organization against common MFA attacks and threat modalities.| CSO Online
As perks and pay only go so far, CISOs are turning to upskilling and career pathways to benefit both cyber professionals and their managers.| CSO Online
To ensure minimal business disruption, CISOs must have the right incident recovery strategies, roles, and processes in place. Security experts share tips on assembling your playbook.| CSO Online
Security teams trying to defend their organizations need to adapt quickly to new challenges. Yesterday's best practices have become today's myths.| CSO Online
A foreign actor infiltrated the National Nuclear Security Administration’s Kansas City National Security Campus through vulnerabilities in Microsoft’s SharePoint browser-based app, raising questions about the need to solidify further federal IT/OT security protections.| CSO Online
Register now to tell your stories to the readers of CIO, Computerworld, CSO, InfoWorld and Network World.| CSO Online
AI’s moving too fast for old rules — MAESTRO gives banks a smarter, layered way to secure next-gen generative and agentic AI systems.| CSO Online
Russia's launch of a domestic TLS Certificate Authority to bypass Western sanctions and replace revoked and expired certificates amid the invasion of Ukraine poses significant security threats.| CSO Online
Do you know what SSL protocols you expose to your users? Are your settings optimized for security? Have you properly deprecated older TLS certs? Here's what you need to know.| CSO Online
Symantec has found a way to make a dispute with Google over the validity of its TLS and SSL website certificates go away -- and get paid almost US$1 billion in the process.| CSO Online
As more companies adopt better encryption practices, cyber criminals are turning to SSL/TLS vulnerabilities to deliver malicious attacks.| CSO Online
Businesses dragging their heels over rolling out TLS 1.2 on their website might have an excuse to delay a little longer: Version 1.3 of the TLS (Transport Layer Security) encryption protocol will be finalized later this year, and early deployments of it are already under way.| CSO Online
Shodan is a search engine for internet-connected devices — from web cams to water treatment facilities, yachts, and medical devices.| CSO Online
The vulnerability is particularly hazardous as it affects Outlook’s Preview Pane once an email has been opened.| CSO Online
Researchers have discovered a critical flaw in PyTorch’s distributed RPC system, allowing attackers to execute arbitrary commands on the OS and steal AI training data.| CSO Online
File encryption malware used by RansomHub appears to be a modified variant of the Knight ransomware, also known as Cyclops.| CSO Online
The CSA’s SSCF benchmark aims to help SaaS vendors build zero trust principles into their environments and give customers more consistent security controls as third-party risk rises.| CSO Online
Scattered Lapsus$ Hunters is also vowing to assist with customer lawsuits against Salesforce.| CSO Online
If surveillance technology can help save the lives of American GI Joes and Janes, then that is a good thing. Privacy concerns seep in when that same technology moves from military-only use to use in the public domain for the “detection of safety and threats.” You know a wooden match is small, which seems better illustrated when seen in an adult’s hand, but most folks don’t see the small size and think “ultimate sound probe” with a “sharp memory.”| CSO Online
No joke: With the Mic-E-Mouse attack, researchers have found a way to make computer mice eavesdrop on conversations.| CSO Online
Curl maintainer calls the buffer overflow vulnerability one of the worst for the tool, but no exploits have been found.| CSO Online
Researchers have chained two medium severity vulnerabilities to execute "world ending" remote code execution, and a real-world exploit has been found.| CSO Online
The exploit allows attackers to remotely execute arbitrary code and commands without authentication.| CSO Online
CodeMender aims to help developers keep pace with AI-powered vulnerability discovery by automatically patching security flaws.| CSO Online
If a system has a vulnerable version of INISAFE CrossWeb EX V3 installed on it, it must be uninstalled and updated to the latest version, according to ASEC.| CSO Online
The deserialization flaw allows attackers to remotely execute arbitrary codes on customers’ IIS web servers.| CSO Online
Campaign by UAT-8099 began targeting weakly-secured web servers across several countries in April.| CSO Online
The cloud SIEM is gaining long-term data lake log storage, AI graph visualization, support for MCP, and a way to interact with custom agents built in Security Copilot, but it’s unclear yet whether agentic AI will help or hinder CISOs.| CSO Online
To partially close the loop on the fallout from three major data breaches between 2014 and 2020 impacting more than 344 million customers, Marriott has settled both with the Federal Trade Commission and almost every American state. But the terms of the settlements are worrying some cybersecurity executives.| CSO Online
Every so often, the security program needs a revamp. Success hinges on establishing clear priorities, avoiding common mistakes, and keeping the personal toll in check.| CSO Online
A cloud access security broker manages access between enterprise endpoints and cloud resources from a security perspective. Here’s what to consider when selecting the right CASB for your enterprise.| CSO Online
Beim Spear Phishing schicken Cyberkriminelle gezielt betrügerische E-Mails an bestimmte Organisationen oder Personen. Das sind die Tricks der Angreifer.| CSO Online
Agentic AI is already changing how security operations centers function, handling repeatable tasks and freeing analysts for higher-level investigations. But trust, pricing, and oversight remain critical issues.| CSO Online
Sie gelten als digital fit – doch fast jede zweite Person der Gen Z erkennt Phishing-Mails nicht.| CSO Online
Australia's leading cybersecurity executives recognised for their leadership and business value at gala ceremony in Sydney.| CSO Online
With no workaround available, Apple advises all users to install iOS 16.7.12 and iPadOS 16.7.12 without delay.| CSO Online
The malware tricks IT personnel into downloading malicious GitHub Desktop installers with GPU-gated decryption targeting sensitive data across Windows and macOS environments.| CSO Online
In a sophisticated new campaign, executives are being tricked into installing malware via AI-generated video calls with deepfake bosses, delivering custom-built, persistent Mac spyware targeting crypto firms.| CSO Online
A rise in macOS-targeted malware as well as increasing Apple market share may mean corporate Mac fleets are more attractive targets for cybercriminals than previously thought.| CSO Online
The ClickFix campaign is targeting users with fake Google Meet errors and attempting to plant info-stealers posing as a fix.| CSO Online
macOS users are being tricked in the ongoing campaign with fake GitHub pages that deliver the Atomic infostealer.| CSO Online
Log4Shell is likely to remain a favored vulnerability to exploit as organizations lack visibility into their software supply chains.| CSO Online
Users are urged to update both the Spring Framework and Spring Boot tool.| CSO Online
The FoggyWeb post-exploitation backdoor is persistent and steals configuration databases and security token certificates.| CSO Online
Nearly two-thirds of companies fail to vet the security implications of AI tools before deploying them. Stressing security fundamentals from the outset can cut down the risks.| CSO Online
Vulnerability exploitation, including attacks on network edge devices, has leapfrogged phishing to become a key factor in many security breaches, according to Verizon’s DBIR.| CSO Online
By leveraging Git’s version control features, one can retrieve deleted files and the sensitive content within.| CSO Online
When digital systems need access and permissions they require credentials just like human beings. These non-human identities allow many components of complex systems to work together but present significant security issues.| CSO Online
End-to-end security between converging information technology and operational technology worlds is imperative, but technical and cultural differences separate them. Here’s how to close the gap.| CSO Online
A global survey shows that less than half of manufacturing companies are prepared for the rising onslaught of cyberattacks against them.| CSO Online
Operational technology threats aren’t just for industrial CISOs anymore, as enterprises from nearly every vertical increasingly connect OT devices to their IT networks.| CSO Online
Security researchers have found a way to attach virtual USB devices remotely to Supermicro servers, including over the internet, by abusing a feature in their baseband management controller software.| CSO Online
We need to convince people to proactively guard against ransomware.| CSO Online
Here are seven simple steps that will safeguard you and your business from phishing attacks.| CSO Online
Stay on top of account management and assess staff cybersecurity skills with CIS Controls 16 and 17.| CSO Online
Compromised user accounts are often the point of entry bad actors use to invade systems; this is why passwordless adoption is getting more attention. CSO lists 10 players to help CISOs make a decision on what works for their enterprise.| CSO Online
Technology may be transforming at an astonishing pace but the password continues to play a cornerstone role in business security operations.| CSO Online
Viable options are now available to supplement or eliminate (almost) the need for password authentication. Here are reasons why passwordless might work for you.| CSO Online
Banish these common passwords now and employ these tips for better password security.| CSO Online
Security assertion markup language (SAML) is an open standard that defines how providers can offer both authentication and authorization services. Here's what you need to know.| CSO Online
EDR software has emerged as one of the preeminent tools in the CISO’s arsenal. Here’s what to look for and what to avoid when choosing EDR software.| CSO Online
Learn the key considerations when choosing an MFA solution and why these top picks are worth a look.| CSO Online
A remote access Trojans (RAT) is malicious software that allows an attacker to gain unauthorized access to a victim’s computer over the internet. RATs are typically installed without user consent and remain hidden to avoid detection.| CSO Online
Two suspects were arrested by Belgian police and servers shut down after a coordinated investigation of transnational malware first tracked in the Netherlands.| CSO Online
As developers lean on Copilot and GhostWriter, experts warn of insecure defaults, hallucinated dependencies, and attacks that slip past traditional defenses.| CSO Online
AI-based capability is part of Cisco’s Security Cloud platform for hyperscalers.| CSO Online
API security firm says eBPF will be used to map the API attack surface area of customers, addressing key API security challenges.| CSO Online