Security Management Strategies for the CIO
Email Alerts
-
Emerging threat detection techniques and products
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing problem, penetrating networks and stealing intellectual property. This TechGuide will provide analysis ... E-Handbook
-
Outsourcing security services
This month, Information Security Magazine examines security in the cloud. Cloud security and cloud services have come a long way and it’s now possible to control the quality of security you get in Web deployments, and to monitor what’s going on in yo... E-Zine
-
The China Syndrome: Security factors to consider before buying Chinese IT
Chinese IT equipment is often cost-effective, but the U.S. government believes Chinese vendors are a threat to American interests. This month, Information Security Magazine examines the Huawei security risks and offers points to consider befor... E-Zine
-
Threat management: Devising a new strategy to tackle today's cyber attacks
Trying to prepare your defenses against a constantly shifting threat landscape can be a demanding task. New threats – such as mobile malware, targeted attacks, and compromised social media – can open the door to cyber attack; so what do you need to k... E-Handbook
-
Market for vulnerability information grows
Stronger defenses are necessary to defend against escalating nation-state cyberweapon and cyberespionage activities and the threats to our critical infrastructure posed by hacktivists and terrorist groups. This month, Information Security Magazine... E-Zine
-
Five actions to prepare for today’s external security threats
In this month’s issue, Global Vice President of the Information Security Forum, Steve Durbin, offers five actions you can take to prepare for today’s external threats, proven steps to counter internal threats, and practical advice on how to better pr... E-Zine
-
Combat the latest malware threats with effective antimalware planning
While we try to keep pace and adopt new platforms such as smartphones, social media and cloud services, malware is just as good at taking on the latest trends with ease. Explore why enterprises need to step up their game and implement new antimalware... E-Zine
-
Debunking myths about the advanced persistent threat (APT)
Think you know all you need to know about the advanced persistent threat? We’ll define APT and dispel a few myths in this month's cover story, as well as uncover how you can beef up your information security skill set. Plus, our experts reveal the pr... E-Zine
-
Combatting emerging Web threats In the enterprise
Attackers are almost exclusively targeting enterprises with hacks perpetrated over the Web. As most enterprises move operations and functionality online, Web-based applications become a tempting threat vector for cybercriminals. Read this e-book for ... E-Book
-
Mitigation and detection to reduce the threat of online crime
As our economy struggles to regain its footing, online fraud is more prevalent than ever. In this e-Book, experts reveal a model for common fraud and present tips on easing fraud pains. Also, find out how financial fraud affects consumer bank behavio... E-Book
- See more Premium Content on Emerging Information Security Threats
-
Antivirus evasion techniques show ease in avoiding antivirus detection
In the wake of the New York Times attack, a look at antivirus evasion techniques show how easy it is to avoid antivirus detection and why new defenses are needed. Feature
-
IT Security Trends 2013: Mobile security concerns tops the list
2013 IT security trends reveal mobile device security tops the list of priorities for security pros this year. Feature
-
Critical infrastructure protection hindered by difficulties, experts say
Information Security magazine discussed critical infrastructure protection with three experts and explore whether any near-term solutions can be implemented to bolster network defenses. Feature
-
Private market growing for zero-day exploits and vulnerabilities
Exploitable vulnerabilities are becoming harder to find in popular software, but information on such flaws is increasingly valuable, and many security researchers are no longer willing to give it up for free. Feature
-
IPv6 tutorial: Understanding IPv6 security issues, threats, defenses
You may not know it, but IPv6 may be the Internet's next superhighway for zero-day attacks. This new guide offers tactics for proactive IPv6 security. Tutorial
-
Quiz: Developing a defense-in-depth strategy for antimalware defense
Take this five-question quiz to evaluate your knowledge of the material presented by expert Lenny Zeltser in this Intrusion Defense School lesson. Quiz
-
RSA Conference 2011: News, interviews and updates
The RSA Conference is a valuable resource in staying educated on the latest advances, threats and emerging trends in the information security industry. Conference Coverage
-
Black Hat conference 2010: News, podcasts and videos
Get updates on the latest happenings at the Black Hat 2010 conference with breaking news stories, and exclusive video and podcasts. Conference Coverage
-
RSA Conference 2010: news, interviews and updates
RSA Conference 2010 is valuable resource in staying educated on the latest advances, threats and emerging trends in the information security industry. Here you will find the most current updates and news on the upcoming RSA Conference 2010, scheduled... Special News Coverage
-
Security book giveaway: Under-the-radar information security threats
Which enterprise security threat do you think has gone under the radar? Give us your thoughts. Our favorite response will win some great free security training books. Contest
- See more Essential Knowledge on Emerging Information Security Threats
-
Black Hat 2013 opens with testy keynote, smart device hacks
After a contentious opening keynote by NSA Director Gen. Keith Alexander, day one of Black Hat 2013 showed smart device hacks, severe SCADA issues. News | 01 Aug 2013
-
FortiGuard Labs: Advanced persistent threats are escalating
Advanced persistent threats are on the rise, according to a report by FortiGuard Labs. News | 12 Jul 2013
-
Damballa: Security vendor partnerships of growing importance
Damballa executives say partnerships among security point product vendors are increasingly important, and will ultimately benefit enterprises. News | 09 Jul 2013
-
DDoS attack trends highlight increasing sophistication, larger size
Though the Spamhaus DDoS attack showed the potential devastation of increasing bandwidth, DDoS attack trends show DDoS type to be just as important. News | 15 May 2013
-
Department of Labor website hack highlights advanced attack trends
The IE8 zero-day attack planted in the U.S. Labor Department's website highlights how few organizations can ward off never-before-seen attacks. News | 09 May 2013
-
Over 100k serial devices online and unsecured, says HD Moore
Security researcher HD Moore says 114,000 serial devices exposed to the Internet are highly hackable. News | 25 Apr 2013
-
Malware hits businesses 20 to 60 times an hour, say researchers
Advanced cyber attacks hit businesses 20 times an hour on average, say researchers at security firm FireEye News | 04 Apr 2013
-
Research highlights speed, frequency of ICS security attacks
A new Trend Micro study using honeypots for research highlights an alarming number and variety of attempted ICS security breaches. News | 20 Mar 2013
-
Emerging threats include kinetic attack, offensive forensics: RSA 2013
At RSA 2013, experts Ed Skoudis and Johannes Ullrich explained how the SANS CyberCity supports offensive forensics and helps prevent kinetic attacks. News | 04 Mar 2013
-
RSA 2013: China not the only cyber espionage country, says Mandiant
China is not the only country carrying out large-scale cyber espionage, says US cyber security firm Mandiant. News | 28 Feb 2013
- See more News on Emerging Information Security Threats
-
Big data creates cloudy security forecast
Security in the cloud has come a long way and it’s now possible to control the quality of security you get in Web deployments, and to monitor what’s going on in your slice of the cloud. Column
-
2013 Security Priority Survey, security risks when buying IT hardware from China
Information Security Magazine reveals the results of its 2013 Security Priority Survey and examines the security risks associated with purchasing IT hardware from China. Elsewhere in the issue, infosec pros share their strategies for BYOD security. Editor's Letter
-
Mega-DDoS attack prevention: How to prepare for larger DDoS attacks
Enterprises face increasing risks from mega-DDoS attacks. Expert Brad Casey provides advice on high-bandwidth DDoS attack prevention. Tip
-
Understanding logic bomb attacks: Examples and countermeasures
In light of the attacks on South Korean organizations, expert Nick Lewis defines logic bomb attacks and offers other examples and countermeasures. Tip
-
Exploit kits evolved: How to defend against the latest attack toolkits
Expert Nick Lewis details how automated exploit kits are evolving and offers mitigations for the latest methods employed by these attack toolkits. Tip
-
The Red October malware campaign uncovered: What enterprises can learn
Expert Nick Lewis details the recently uncovered Red October malware campaign, plus the new and existing controls needed to thwart cyberespionage. Tip
-
Gauging UPnP security risks: Is UPnP secure enough for enterprise use?
Is UPnP secure enough for enterprise use? Network security expert Brad Casey assesses UPnP security risks and offers advice for mitigating the threat. Tip
-
Protect intellectual property with data breach prep, cost analysis
Heidi Shey of Forrester Research says enterprises must protect intellectual property better or else face 'death by 1,000 cuts.' Tip
-
Cyberwar calls for software and system investment, not hacking back
Hacking back isn't the way to win the cyberwar. Gary McGraw says building software and systems with fewer vulnerabilities is stronger protection. Tip
-
MySQL security analysis: Mitigating MySQL zero-day flaws
In the wake of several recent MySQL zero-day vulnerabilities, expert Michael Cobb assesses the state of MySQL security. Is a MySQL alternative needed? Tip
-
Defending against watering hole attacks: Consider using a secure VM
Expert Nick Lewis analyzes the techniques employed by watering hole attacks and discusses how to use a secure VM to defend enterprises against them. Tip
-
Reassess embedded systems security in light of printer vulnerabilities
Recent high-profile printer vulnerabilities illustrate why enterprises need to be aware of embedded systems security. Expert Nick Lewis discusses. Tip
- See more Tips on Emerging Information Security Threats
-
New advanced persistent threat protection: Beyond perimeter defense
Firewalls and antivirus are ineffective in the face of APT attacks. Expert Nick Lewis offers suggestions for advanced persistent threat protection. Answer
-
Measuring the risk posed by sophisticated malware evasion techniques
Learn about the evolving nature of malware evasion techniques. Security expert Nick Lewis determines whether anti-malware tools should detect them. Answer
-
The updated Makadocs malware: How to protect users locally
Security expert Nick Lewis details how the updated Makadocs malware uses Google Docs as a command and control server and offers mitigations for users. AtE
-
MiniFlame malware: Assessing the threat to enterprises
Expert Nick Lewis analyzes miniFlame, the plug-in for the Flame malware, to determine how it operates and whether enterprises should be concerned. Answer
-
How users can defend against the Android remote-wipe vulnerability
Expert Nick Lewis details the Android remote-wipe vulnerability targeting Samsung phones and provides mitigations for Android users. Answer
-
What risk does the Apple UDID security leak pose to iOS users?
Expert Michael Cobb details Apple's Unique Device Identifiers, plus why iOS users should be concerned about the Anonymous UDID security leak. Answer
-
How should NFC security risks affect a BYOD security policy?
Security expert Nick Lewis explores the emerging security risks posed by NFC technology and discusses their effect on enterprise BYOD policy. Answer
-
Can XML encryption thwart XML attacks?
Expert Nick Lewis discusses proof-of-concept XML attacks and possible steps for defending data protected by XML encryption. Answer
-
Threat of SSL malware highlights SSL security issues
Expert Nick Lewis highlights SSL security issues and the threat of SSL malware being transmitted via HTTPS. Is this a serious blow to SSL security? Answer
-
Does accelerometer research portend keyboard-vibration attacks?
Expert Nick Lewis examines smartphone accelerometer research that may lead to keyboard-vibration attacks via a smartphone on a nearby computer. Answer
- See more Expert Advice on Emerging Information Security Threats
-
business logic attack
A business logic attack is an exploit that takes advantage of a flaw in programming managing the exchange of information between a user interface and the application's supporting database. Definition
-
search engine results page (SERP)
A search engine results page (SERP) is the list of results that a search engine returns in response to a specific word or phrase query. Definition
-
mobile device attack
A mobile device attack is an exploit targeting handheld communications devices, such as smartphones and tablets. Ed Skoudis, founder and senior security consultant of InGuardians, a security consulting firm, describes one scenario: "Bad guys are go... Definition
-
device attack
A device attack is an exploit in which the attacker takes advantage of a vulnerable device to gain network access. Definition
-
Duqu (W32.Duqu)
Duqu is a remote access Trojan (RAT) that is designed to steal data from computers it infects. Definition
-
voluntary botnet
A voluntary botnet is a distributed network of computers whose processing power is harnessed to carry out a political or socially-motivated denial of service (DoS) attack. Definition
-
TDL-4 (TDSS or Alureon)
TDL-4 is sophisticated malware that facilitates the creation and maintenance of a botnet. The program is the fourth generation of the TDL malware, which was itself based on an earlier malicious program known as TDSS or Alureon. Definition
-
malvertisement (malicious advertisement or malvertising)
A malvertisement (malicious advertisement) is an advertisement on the Internet that delivers a malicious payload. Definition
-
advanced persistent threat (APT)
An advanced persistent threat is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. Definition
-
cybercrime
Cybercrime is a term for any illegal activity that uses a computer as its primary means of commission. Definition
- See more Definitions on Emerging Information Security Threats
-
Cyberthreat landscape plagued by automated attacks, Gartner says
Gartner VP Richard Hunter reviews the enterprise cyberthreat landscape and explains why automated attacks will only make a bad situation worse. Podcast
-
Martin Roesch: Increase in cybersecurity breaches demands new tactics
Video: Sourcefire interim CEO Martin Roesch discusses the need for new tactics amid rampant cybersecurity breaches, plus APTs, big data and CISO priorities. Video
-
With Spyeye, Zeus variants, cybercriminals up the ante
They have long plagued the financial industry, but the latest Spyeye/Zeus variants are a serious and complicated threat, says Dell SecureWorks. Video
-
NSA’s Sager on cyberwarfare, likelihood of ‘digital Pearl Harbor’
The NSA’s Tony Sager discusses the likelihood of ‘digital Pearl Harbor’ and how to prepare for cyberattacks by cost-effectively disrupting attackers. Video
-
NSA’s Sager on trends of 2011 security breaches, advanced persistent threat hype
The NSA’s Tony Sager discusses macro trends of 2011 security breaches, why advanced persistent threat hype isn’t justified, and infosec lessons learned from his wife and kids. Video
-
Black Hat 2011: Malware threats, attack vectors and data sharing
Rodrigo Branco talks about vulnerabilities, malware sophistication and whether the move to cloud-based services will change the way cybercriminals work. Video
-
Marcus Ranum on cyberwar, critical infrastructure protection
Network security expert Marcus Ranum explains why he believes cyberwarfare is only a tool for powerful nation states and discusses how Stuxnet supports his premise. Video
-
Narcissistic vulnerability pimp: Baker on researchers and bug bounties
In a blog post, Verizon Director of Risk Wade Baker proposed a new title for security researchers looking to get attention who release bug information before a patch is released: Narcisstic vulnerability pimps. Video
-
Jim Lewis on SCADA security threats, Stuxnet analysis
Jim Lewis, Director and Senior Fellow at the Center for Strategic and International Studies, gives his analysis of the Stuxnet worm, and what he believes are the greatest threats to SCADA systems. Video
-
Information security podcasts
Download these weekly information security podcasts covering the top news and issues enterprise infosec pros care about to your PC or favorite mp3 player. Podcasts
- See more Multimedia on Emerging Information Security Threats
-
Black Hat 2013 opens with testy keynote, smart device hacks
After a contentious opening keynote by NSA Director Gen. Keith Alexander, day one of Black Hat 2013 showed smart device hacks, severe SCADA issues. News
-
New advanced persistent threat protection: Beyond perimeter defense
Firewalls and antivirus are ineffective in the face of APT attacks. Expert Nick Lewis offers suggestions for advanced persistent threat protection. Answer
-
Emerging threat detection techniques and products
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing problem, penetrating networks and stealing intellectual property. This TechGuide will provide analysis ... E-Handbook
-
Cyberthreat landscape plagued by automated attacks, Gartner says
Gartner VP Richard Hunter reviews the enterprise cyberthreat landscape and explains why automated attacks will only make a bad situation worse. Podcast
-
Mega-DDoS attack prevention: How to prepare for larger DDoS attacks
Enterprises face increasing risks from mega-DDoS attacks. Expert Brad Casey provides advice on high-bandwidth DDoS attack prevention. Tip
-
FortiGuard Labs: Advanced persistent threats are escalating
Advanced persistent threats are on the rise, according to a report by FortiGuard Labs. News
-
Damballa: Security vendor partnerships of growing importance
Damballa executives say partnerships among security point product vendors are increasingly important, and will ultimately benefit enterprises. News
-
Understanding logic bomb attacks: Examples and countermeasures
In light of the attacks on South Korean organizations, expert Nick Lewis defines logic bomb attacks and offers other examples and countermeasures. Tip
-
Measuring the risk posed by sophisticated malware evasion techniques
Learn about the evolving nature of malware evasion techniques. Security expert Nick Lewis determines whether anti-malware tools should detect them. Answer
-
Exploit kits evolved: How to defend against the latest attack toolkits
Expert Nick Lewis details how automated exploit kits are evolving and offers mitigations for the latest methods employed by these attack toolkits. Tip
- See more All on Emerging Information Security Threats
About Emerging Information Security Threats
Hackers are now attacking RFID tags and readers, mobile devices and hardware drivers and using advanced information security threats such as rootkits and self-morphing Trojans to gain control of PCs. Read through our news, tips and advice to get the latest knowledge you need to defeat evolving hacker techniques.