SearchSecurity
New & Notable
News
October Patch Tuesday squashes zero-day
The top priority for Microsoft's October 2017 Patch Tuesday goes to a Windows zero-day vulnerability, but IT should also beware of two publicly disclosed flaws.
Manage
Using the cloud won't protect you from ransomware
Storing data in the cloud isn't a sure-fire ransomware defense method. Expert Rob Shapland examines how the cloud helps and hurts when it comes to ransomware attacks.
News
Windows' patch diffing uncovers flaws for attackers
Microsoft's practice of automatic Windows 10 patching could be uncovering vulnerabilities in older systems that can be exploited by attackers, Google researchers said.
Get Started
How to build a threat intelligence team
The use of a cyber threat intelligence team can greatly help organizations. Learn the best practices for team location and selection from expert Robert M. Lee.
Go Now: Malware Protection Best Practices
Should security teams clean up the malware and move on or format the hard drives to start over with a clean system? In this expert guide, security pros weigh in on how antimalware protects the enterprise.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
Trending Topics
-
Emerging threats Problem Solve
Windows shortcuts are vulnerable to attacks
A Windows vulnerability targets shortcut files and enables hackers to automatically execute code. Expert Judith Myerson explains the flaw and how to stop it.
-
Windows security Manage
How a Stuxnet bug exposes infosec program shortcomings
A Windows Shell flaw used by the Stuxnet worm continues to pose problems years after it was patched. Nick Lewis explains how the flaw exposes enterprise security shortcomings.
-
PCI DSS News
Risk & Repeat: Does PCI DSS compliance matter?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss new research from Verizon on payment card security and the effectiveness of PCI DSS compliance for enterprises.
-
Encryption technology Manage
Safety of Web Applications
In this excerpt from chapter three of Safety of Web Applications, author Eric Quinton discusses symmetric and asymmetric encryption.
-
Security industry trends News
Risk & Repeat: The future of cybersecurity conferences
In this week's Risk & Repeat podcast, SearchSecurity editors discuss how smaller, more targeted infosec conferences are making a name for themselves in the shadow of much larger events.
-
CISSP Get Started
How well do you know the basics of network security?
Think you know network security basics inside and out? Take this 10-question quiz to find out how well you’ve prepared for Domain 4 of the CISSP exam.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Meet all of our Information Security experts
-
Peter Loshin asks:
Should technology companies explore options for responsible encryption? Why or why not?
Find Solutions For Your Project
-
Evaluate
Add endpoint security using supplementary tools
Learn how network access control (NAC), data loss prevention (DLP) and robust data destruction tools secure the data in your corporate endpoints against data loss.
-
How machine learning can help find malicious apps
-
A closer look at the STIX threat intelligence framework
-
How to make a SIEM system comparison before you buy
-
-
Problem Solve
How hackers can use subtitles to infect media players
New media player vulnerabilities have been exposed that enable hackers to use subtitle files to control devices. Expert Judith Myerson explains how this happens.
-
How to mitigate a critical Foxit Reader vulnerability
-
Windows shortcuts are vulnerable to attacks
-
How hackers can use an Amazon Echo attack to eavesdrop
-
-
Manage
Expanding web security testing to server environments
Web application security is crucial, but enterprises also need to look below that layer for web server vulnerabilities. Kevin Beaver explains how to look for common weaknesses.
-
Preparing for Adobe Flash's 2020 end-of-life date
-
The dangers of Docker APIs and shadow containers
-
Has the role of CISO finally arrived? (I vote yes!)
-
-
E-Handbook | October 2017
Crafting a cybersecurity incident response plan, step by step
Download -
E-Zine | October 2017
What does a CISO do now? It's a changing, increasingly vital role
Download -
E-Zine | October 2017
Growing data protection risks and how to manage them
Download -
Buyer's Handbook | September 2017
How to make a SIEM system comparison before you buy
Download -
E-Handbook | September 2017
Secure DevOps brings better, faster, safer software
Download
Information Security Basics
-
Get Started
How to build a threat intelligence team
The use of a cyber threat intelligence team can greatly help organizations. Learn the best practices for team location and selection from expert Robert M. Lee.
-
Get Started
Crafting a cybersecurity incident response plan, step by step
'Swift' and 'automatic': key characteristics of effective incident response. But how to get from where your plan is to where it needs to be? This handbook has the answers.
-
Get Started
Responding to security incidents requires preplanning
Effective incident response policies must be detailed, comprehensive and regularly updated -- and then 'embedded in the hearts and minds' of infosec team members.
Multimedia
Vendor Resources
- GDPR Strategy Guide –White Paper
- 11 Steps IT Needs to Take When Adopting Cloud Apps and Services –White Paper
- Mobile Malware in the UK –White Paper
Blog: Security Bytes
-
FBI's Freese: It's time to stop blaming hacking victims
The FBI's Don Freese spoke at the (ISC)2 Security Congress this week about the need to end the practice of blaming hacking victims. But will infosec professionals listen?Continue Reading
-
DerbyCon cybersecurity conference is unique and troubling
Walking up to DerbyCon 7.0 cybersecurity conference it immediately has a very different feel from the "major" infosec conferences. Attendees would never be caught loitering outside of the Black Hat ...Continue Reading
-
More Security Bytes Posts
Fearmongering around Apple Face ID security announcement
Project Treble is another attempt at faster Android updates
The Symantec-Google feud can't be swept under the rug
-
News
View All -
Web server threats and application attacks
Credit reporting websites deliver malvertising
Security researchers find drive-by download attacks affecting both Equifax and TransUnion, but Equifax claims systems were not compromised in the website hack.
-
Information security laws, investigations and ethics
DOJ asks tech firms to encrypt 'responsibly'
News roundup: The DOJ calls for 'responsible encryption' to comply with court orders. Plus, there's more bad cybersecurity news for banks, and Accenture data in AWS gets exposed.
-
Government information security management
Hacking voting machines is too easy, DEFCON says
The first official report on voting machine hacking from DEFCON suggests the need for pen testing, basic security guidelines and cooperation from local and federal governments.