It may have faded into obscurity but by an order of magnitude, the outage last July caused by the cybersecurity vendor was the costliest in IT history. What have we learned to prevent something similar from happening again?
Case in point: taking stock of the CrowdStrike outages Read More »
From the editors of CSO, this enterprise buyer’s guide helps IT security staff understand what the various breach and attack simulation (BAS) options can do for their organizations and how to choose the right solution. Download the breach and attack simulation (BAS) tools buyer’s guide here.
Breach and attack simulation (BAS) tools buyer’s guide Read More »
Prompt injection and supply chain vulnerabilities remain the main LLM vulnerabilities but as the technology evolves new risks come to light including system prompt leakage and misinformation.
10 most critical LLM vulnerabilities Read More »
AI and machine learning are improving cybersecurity, helping human analysts triage threats and close vulnerabilities quicker. But they are also helping threat actors launch bigger, more complex attacks.
10 ways hackers will use machine learning to launch attacks Read More »
From prompt injections to model theft, OWASP has identified the most prevalent and impactful vulnerabilities found in AI applications based on large language models (LLMs).
10 most critical LLM vulnerabilities Read More »
The best way to recover from a ransomware attack is to have a reliable and fast backup process. Here’s how to do it.
Ransomware recovery: 8 steps to successfully restore from backup Read More »
After years of review, the National Institute of Standards and Technology has chosen three encryption algorithms as the basis for its post-quantum security strategy.
NIST finally settles on quantum-safe crypto standards Read More »
NIST standards for quantum-safe encryption are due out this summer. As quantum computing advances, enterprises need to consider their encryption infrastructure and post-quantum security strategies.
Despite being late to market, Microsoft’s secure service edge (SSE) offering has some advantages, including cost and ties to Microsoft’s identity access management services.
Microsoft Entra Suite is late to the SSE pool but will still make waves Read More »
In a somewhat chilling revelation, AI agents were able to find and exploit known vulnerabilities, but only under certain conditions, which researchers say indicates they’re not close to being a significant threat – yet.
AI agents can find and exploit known vulnerabilities, study shows Read More »
BAS products simulate attacks to test a company’s defenses against threat vectors. The following guide can help you make the right choice for your organization.
Breach and attack simulation tools: Top vendors, key features, how to choose Read More »
Organizations have started to launch AI certifications in governance and cybersecurity but given how immature the space is and how fast it’s changing, are these certifications worth pursuing?
AI governance and cybersecurity certifications: Are they worth it? Read More »
The ransomware business hit record highs in 2023 despite falling payment rates, as attackers scaled up the number of attacks and new AI weapons were brought to bear on both sides of the war, promising to make an even bigger impact this year.
The state of ransomware: Faster, smarter, and meaner Read More »
Generative AI could be the holy grail of DevSecOps, from writing secure code and documentation to creating tests. But it could be a major point of failure if not used correctly.
Generative AI poised to make substantial impact on DevSecOps Read More »
By automating repetitive triage and documentation tasks, generative AI systems allow entry-level security analysts to spend more time on investigations, response, and developing core skills.
How GenAI helps entry-level SOC analysts improve their skills Read More »
