Latest from today

feature: The CSO guide to top security conferences
Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.
By CSO Staff | 31 Dec 2024 | 6 mins | Application Security, Events, Technology Industry

news: Black Hat: Latest news and insights
By CSO Staff | 16 Dec 2024 | 5 mins | Advanced Persistent Threats, Black Hat, Threat and Vulnerability Management

news: Amazon refuses Microsoft 365 deployment because of lax cybersecurity
By Evan Schuman | 16 Dec 2024 | 5 mins | Access Control, Application Security, Cloud Security

feature: How to turn around a toxic cybersecurity culture
By John Edwards | 13 Dec 2024 | 7 mins | Application Security, Data and Information Security, IT Training

feature: The 7 most in-demand cybersecurity skills today
By Eric Frank | 12 Dec 2024 | 11 mins | Application Security, Cloud Security, Compliance

news: Mitel MiCollab VoIP authentication bypass opens new attack paths
By Lucian Constantin | 05 Dec 2024 | 5 mins | Application Security, Threat and Vulnerability Management, Vulnerabilities

news analysis: Rising ClickFix malware distribution trick puts PowerShell IT policies on notice
By Lucian Constantin | 21 Nov 2024 | 6 mins | Malware, Phishing, Social Engineering

news: Misconfigurations can cause many Microsoft Power Pages sites to expose sensitive data
By Lucian Constantin | 15 Nov 2024 | 7 mins | Application Security, Security Practices, Web Development

news: Beware malicious NPM packages, Checkmarx warns
By John E. Dunn | 07 Nov 2024 | 1 min | Application Security

Articles

feature: Top 5 security mistakes software developers make
As attacks continue to plague cybersecurity leaders, CSO has compiled a list of common mistakes by software developers that can be prevented.
By David Strom | 07 Nov 2024 | 10 mins | Application Security, DevSecOps

news: LLMs hallucinating non-existent developer packages could fuel supply chain attacks
Large language models could be exploited to launch waves of “package confusion” attacks, first major study into package hallucination finds.
By John E. Dunn | 02 Oct 2024 | 1 min | Application Security, Security

how-to: Download our AI security posture management (AI-SPM) enterprise buyer’s guide
Widespread adoption of generative AI across businesses has increased the need for contingencies, including AI security software. Here, we examine nine vendors’ tools that handle AI security posture management (AI-SPM).
By David Strom | 24 Sep 2024 | 1 min | Application Security, Enterprise Buyer’s Guides, Security Monitoring Software

analysis: The 18 biggest data breaches of the 21st century
Data breaches affecting millions of users are far too common. Here are some of the biggest, baddest breaches in recent memory.
By Michael Hill, Dan Swinhoe and John Leyden | 12 Sep 2024 | 18 mins | Data Breach, Malware, Phishing

opinion: Application detection and response is the gap-bridging technology we need
There are many good reasons to embrace ADR as a security staple and a whole lot more why other technologies can’t address all the security needs of applications running out there in the wild.
By Chris Hughes | 12 Sep 2024 | 7 mins | Application Security, DevSecOps, Endpoint Protection

feature: What is OWASP? A standard bearer for better web application security
The Open Web Application Security Project (OWASP) is an international nonprofit dedicated to providing free documentation, tools, videos, and forums for anyone interested in improving the security of their web applications.
By Linda Rosencrance | 28 Aug 2024 | 8 mins | Application Security, IT Skills, Internet Security

opinion: Bug bounty programs take root in Russia — with possible far-reaching implications
International sanctions, IT isolation, and shifting attitudes to ethical hacking have bug bounty programs on the rise in Russia, with zero-day acquisition companies potentially poised to profit.
By Sarah Wiedemar | 27 Aug 2024 | 7 mins | Application Security, Technology Industry

feature: 6 hot cybersecurity trends — and 2 going cold
Artificial intelligence is altering not only the threat landscape but also how security teams can defend their organizations. But AI isn’t the only trend cybersecurity pros should be on top of.
By Neal Weinberg | 06 Aug 2024 | 11 mins | Authentication, Passwords, Phishing

feature: NHIs may be your biggest — and most neglected — security hole
Because IT has so little visibility into non-human identities, attackers are increasingly seeking them out as ultra-easy onramps to everything of value in your enterprise. The solution? Stop treating NHIs as though they are another human end-user.
By Evan Schuman | 23 Jul 2024 | 9 mins | Application Security, Identity and Access Management, Network Security

news analysis: Python GitHub token leak shows binary files can burn developers too
Scrubbing tokens from source code is not enough, as shown by the publishing of a Python Software Foundation access token with administrator privileges to a container image on Docker Hub.
By Lucian Constantin | 11 Jul 2024 | 5 mins | Application Security, DevSecOps, Software Development

feature: Whitelisting explained: How it works and where it fits in a security program
Whitelisting locks down computers so only approved applications can run. Is the security worth the administrative hassle?
By Josh Fruhlinger and CSO Staff | 07 Jun 2024 | 10 mins | Application Security, Data and Information Security, Email Security

news: Over half of government applications have unpatched flaws older than a year
Java and .NET applications are the main source of unpatched vulnerabilities in the public sector.
By Lucian Constantin | 30 May 2024 | 6 mins | Application Security, Government IT, Vulnerabilities

Resources

whitepaper: Integrating Network, Application, and Workforce Security: A Comprehensive Approach Through Platformization
Navigating the Current Middle East Threat Landscape
By Cloudflare | 03 Dec 2024 | Application Security, Cloud Security, Security

Podcasts

podcasts: CSO Executive Sessions / ASEAN
In this weekly series, host Xiou Ann Lim, Editor for CSO ASEAN at Foundry, interviews top chief information security officers throughout the ASEAN region to discuss current security threats, critical IT projects, security skills and careers, and much more.
0 episode | Application Security

Ep. 62 CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe
07 Aug 2024 | 17 mins | CSO and CISO

Ep. 62 CSO Executive Sessions: Data protection in Malaysia
02 Jul 2024 | 15 mins | CSO and CISO

Video on demand

video: CSO Executive Sessions with Mohammad Firdaus Juhari, Head of Digital Security, edotco Group
Mohammad Firdaus Juhari, Head of Digital Security at edotco Group, joins host Xiou Ann Lim, Editor for CSO ASEAN, for this CSO Executive Sessions interview.
23 May 2023 | 18 mins | Application Security

What’s ahead for cybersecurity in 2019: TECH(talk)
01 Feb 2019 | 25 mins | Cyberattacks, Ransomware, Technology Industry

6 security reasons to upgrade to Windows 10
25 Jul 2018 | 1 mins | Application Security, Privacy, Windows

Don’t ignore application security | Salted Hash Ep 35
23 Jul 2018 | 18 mins | Application Security, Security, Vulnerabilities

Show me more

opinion: 2025 Cybersecurity and AI Predictions
By Jason Lau | 10 Jan 2025 | 11 mins | Security

news: Malware targets Mac users by using Apple’s security tool
By Shweta Sharma | 10 Jan 2025 | 3 mins | Encryption, Malware, Phishing

feature: SEC rule confusion continues to put CISOs in a bind a year after a major revision
By John Leyden | 10 Jan 2025 | 6 mins | Business IT Alignment, CSO and CISO, Regulation

podcast: CSO Executive Sessions: Guardians of the Games – How to keep the Olympics and other major events cyber safe
07 Aug 2024 | 17 mins | CSO and CISO

podcast: CSO Executive Session India with Dr Susil Kumar Meher, Head Health IT, AIIMS (New Delhi)
17 Jul 2024 | 17 mins | CSO and CISO

podcast: CSO Executive Session India with Charanjit Bhatia, Head of Cybersecurity, COE, Bata Brands
08 Jul 2024 | 18 mins | CSO and CISO

video: CSO Executive Sessions: Open Source Institute’s Eric Nguyen on supply chain risks to critical infrastructure (Part 2)
14 Nov 2024 | 15 mins | Critical Infrastructure, IT Governance, Supply Chain

video: CSO Executive Sessions: Open Source Institute’s Eric Nguyen on supply chain risks to critical infrastructure (Part 1)
04 Nov 2024 | 19 mins | Critical Infrastructure, Security, Supply Chain

video: CSO Executive Sessions: Standard Chartered’s Alvaro Garrido on cybersecurity in the financial services industry
23 Oct 2024 | 10 mins | Financial Services Industry, Security