Security Management Strategies for the CIO
Email Alerts
-
Outsourcing security services
This month, Information Security Magazine examines security in the cloud. Cloud security and cloud services have come a long way and it’s now possible to control the quality of security you get in Web deployments, and to monitor what’s going on in yo... E-Zine
-
The China Syndrome: Security factors to consider before buying Chinese IT
Chinese IT equipment is often cost-effective, but the U.S. government believes Chinese vendors are a threat to American interests. This month, Information Security Magazine examines the Huawei security risks and offers points to consider befor... E-Zine
-
Threat management: Devising a new strategy to tackle today's cyber attacks
Trying to prepare your defenses against a constantly shifting threat landscape can be a demanding task. New threats – such as mobile malware, targeted attacks, and compromised social media – can open the door to cyber attack; so what do you need to k... E-Handbook
-
Market for vulnerability information grows
Stronger defenses are necessary to defend against escalating nation-state cyberweapon and cyberespionage activities and the threats to our critical infrastructure posed by hacktivists and terrorist groups. This month, Information Security Magazine... E-Zine
-
Five actions to prepare for today’s external security threats
In this month’s issue, Global Vice President of the Information Security Forum, Steve Durbin, offers five actions you can take to prepare for today’s external threats, proven steps to counter internal threats, and practical advice on how to better pr... E-Zine
-
Combat the latest malware threats with effective antimalware planning
While we try to keep pace and adopt new platforms such as smartphones, social media and cloud services, malware is just as good at taking on the latest trends with ease. Explore why enterprises need to step up their game and implement new antimalware... E-Zine
-
Debunking myths about the advanced persistent threat (APT)
Think you know all you need to know about the advanced persistent threat? We’ll define APT and dispel a few myths in this month's cover story, as well as uncover how you can beef up your information security skill set. Plus, our experts reveal the pr... E-Zine
-
How to dig out rootkits
Stealthy and evasive, rootkits may own your systems. In this issue, expert Greg Hoglund tells you how to dig them out. Also, get tips on integrating physical and logical security, avoiding forensics missteps, and understanding standalone vendor viabi... E-Zine
-
Keep today's threats close and tomorrow's closer
Invariably, enterprises are forced to deal with an ever evolving threat landscape. In this issue, learn best practices for authenticating transactions, securing endpoints, protecting RFID and locking down virtualization. E-Zine
-
Mission critical: Securing the critical national infrastructure
How vulnerable is the U.S. critical national infrastructure to attack? Read this month's special report for more details. Also, get information on code reviews, IPv6 concerns and offshore security. E-Zine
-
Antivirus evasion techniques show ease in avoiding antivirus detection
In the wake of the New York Times attack, a look at antivirus evasion techniques show how easy it is to avoid antivirus detection and why new defenses are needed. Feature
-
IT Security Trends 2013: Mobile security concerns tops the list
2013 IT security trends reveal mobile device security tops the list of priorities for security pros this year. Feature
-
Critical infrastructure protection hindered by difficulties, experts say
Information Security magazine discussed critical infrastructure protection with three experts and explore whether any near-term solutions can be implemented to bolster network defenses. Feature
-
Private market growing for zero-day exploits and vulnerabilities
Exploitable vulnerabilities are becoming harder to find in popular software, but information on such flaws is increasingly valuable, and many security researchers are no longer willing to give it up for free. Feature
-
IPv6 tutorial: Understanding IPv6 security issues, threats, defenses
You may not know it, but IPv6 may be the Internet's next superhighway for zero-day attacks. This new guide offers tactics for proactive IPv6 security. Tutorial
-
Quiz: Developing a defense-in-depth strategy for antimalware defense
Take this five-question quiz to evaluate your knowledge of the material presented by expert Lenny Zeltser in this Intrusion Defense School lesson. Quiz
-
RSA Conference 2011: News, interviews and updates
The RSA Conference is a valuable resource in staying educated on the latest advances, threats and emerging trends in the information security industry. Conference Coverage
-
Black Hat conference 2010: News, podcasts and videos
Get updates on the latest happenings at the Black Hat 2010 conference with breaking news stories, and exclusive video and podcasts. Conference Coverage
-
RSA Conference 2010: news, interviews and updates
RSA Conference 2010 is valuable resource in staying educated on the latest advances, threats and emerging trends in the information security industry. Here you will find the most current updates and news on the upcoming RSA Conference 2010, scheduled... Special News Coverage
-
Security book giveaway: Under-the-radar information security threats
Which enterprise security threat do you think has gone under the radar? Give us your thoughts. Our favorite response will win some great free security training books. Contest
- See more Essential Knowledge on Emerging Information Security Threats
-
DDoS attack trends highlight increasing sophistication, larger size
Though the Spamhaus DDoS attack showed the potential devastation of increasing bandwidth, DDoS attack trends show DDoS type to be just as important. News | 15 May 2013
-
Department of Labor website hack highlights advanced attack trends
The IE8 zero-day attack planted in the U.S. Labor Department's website highlights how few organizations can ward off never-before-seen attacks. News | 09 May 2013
-
Over 100k serial devices online and unsecured, says HD Moore
Security researcher HD Moore says 114,000 serial devices exposed to the Internet are highly hackable. News | 25 Apr 2013
-
Malware hits businesses 20 to 60 times an hour, say researchers
Advanced cyber attacks hit businesses 20 times an hour on average, say researchers at security firm FireEye News | 04 Apr 2013
-
Research highlights speed, frequency of ICS security attacks
A new Trend Micro study using honeypots for research highlights an alarming number and variety of attempted ICS security breaches. News | 20 Mar 2013
-
Emerging threats include kinetic attack, offensive forensics: RSA 2013
At RSA 2013, experts Ed Skoudis and Johannes Ullrich explained how the SANS CyberCity supports offensive forensics and helps prevent kinetic attacks. News | 04 Mar 2013
-
RSA 2013: China not the only cyber espionage country, says Mandiant
China is not the only country carrying out large-scale cyber espionage, says US cyber security firm Mandiant. News | 28 Feb 2013
-
Spear phishing, manpower drive Chinese APTs, says researcher at RSA 2013
Chinese cyberattacks rely on spear phishing and overwhelming numbers, not sophisticated attack methods, says a researcher at RSA Conference 2013. News | 27 Feb 2013
-
The body count is new, but UPnP security issues are embarrassingly old
HD Moore unveiled research showing wide-scale UPnP security issues last week, but some of the problems have been known for years. News | 06 Feb 2013
-
Offensive security involves proactive deception tactics
Going on the offense doesn’t mean actively targeting cybercriminals, experts say. Deceptive tactics, phony documents can help trip up attackers. News | 28 Jan 2013
- See more News on Emerging Information Security Threats
-
Exploit kits evolved: How to defend against the latest attack toolkits
Expert Nick Lewis details how automated exploit kits are evolving and offers mitigations for the latest methods employed by these attack toolkits. Tip
-
The Red October malware campaign uncovered: What enterprises can learn
Expert Nick Lewis details the recently uncovered Red October malware campaign, plus the new and existing controls needed to thwart cyberespionage. Tip
-
Gauging UPnP security risks: Is UPnP secure enough for enterprise use?
Is UPnP secure enough for enterprise use? Network security expert Brad Casey assesses UPnP security risks and offers advice for mitigating the threat. Tip
-
Protect intellectual property with data breach prep, cost analysis
Heidi Shey of Forrester Research says enterprises must protect intellectual property better or else face 'death by 1,000 cuts.' Tip
-
Cyberwar calls for software and system investment, not hacking back
Hacking back isn't the way to win the cyberwar. Gary McGraw says building software and systems with fewer vulnerabilities is stronger protection. Tip
-
MySQL security analysis: Mitigating MySQL zero-day flaws
In the wake of several recent MySQL zero-day vulnerabilities, expert Michael Cobb assesses the state of MySQL security. Is a MySQL alternative needed? Tip
-
Defending against watering hole attacks: Consider using a secure VM
Expert Nick Lewis analyzes the techniques employed by watering hole attacks and discusses how to use a secure VM to defend enterprises against them. Tip
-
Reassess embedded systems security in light of printer vulnerabilities
Recent high-profile printer vulnerabilities illustrate why enterprises need to be aware of embedded systems security. Expert Nick Lewis discusses. Tip
-
How to negate business logic attack risk: Improve security in the SDLC
Expert Nick Lewis details the threat posed by business logic attacks and how stressing the importance of security in the SDLC can reduce that threat. Tip
-
Adobe attack analysis: Addressing Adobe security certificate issues
After a recent attack on Adobe, what mitigations should be put in place to avoid security issues with Adobe certificates? Expert Nick Lewis advises. Tip
- See more Tips on Emerging Information Security Threats
-
The updated Makadocs malware: How to protect users locally
Security expert Nick Lewis details how the updated Makadocs malware uses Google Docs as a command and control server and offers mitigations for users. AtE
-
MiniFlame malware: Assessing the threat to enterprises
Expert Nick Lewis analyzes miniFlame, the plug-in for the Flame malware, to determine how it operates and whether enterprises should be concerned. Answer
-
How users can defend against the Android remote-wipe vulnerability
Expert Nick Lewis details the Android remote-wipe vulnerability targeting Samsung phones and provides mitigations for Android users. Answer
-
What risk does the Apple UDID security leak pose to iOS users?
Expert Michael Cobb details Apple's Unique Device Identifiers, plus why iOS users should be concerned about the Anonymous UDID security leak. Answer
-
How should NFC security risks affect a BYOD security policy?
Security expert Nick Lewis explores the emerging security risks posed by NFC technology and discusses their effect on enterprise BYOD policy. Answer
-
Can XML encryption thwart XML attacks?
Expert Nick Lewis discusses proof-of-concept XML attacks and possible steps for defending data protected by XML encryption. Answer
-
Threat of SSL malware highlights SSL security issues
Expert Nick Lewis highlights SSL security issues and the threat of SSL malware being transmitted via HTTPS. Is this a serious blow to SSL security? Answer
-
Does accelerometer research portend keyboard-vibration attacks?
Expert Nick Lewis examines smartphone accelerometer research that may lead to keyboard-vibration attacks via a smartphone on a nearby computer. Answer
-
QR codes security: Do malicious QR codes pose a risk?
Expert Nick Lewis discusses QR codes security and whether malicious QR codes pose enough risk to justify disabling them. Answer
-
Curb the spam virus threat via information security awareness training
Information security awareness training doesn't always protect users from the ongoing spam virus threat. Nick Lewis offers additional measures that may help. Answer
- See more Expert Advice on Emerging Information Security Threats
-
business logic attack
A business logic attack is an exploit that takes advantage of a flaw in programming managing the exchange of information between a user interface and the application's supporting database. Definition
-
search engine results page (SERP)
A search engine results page (SERP) is the list of results that a search engine returns in response to a specific word or phrase query. Definition
-
mobile device attack
A mobile device attack is an exploit targeting handheld communications devices, such as smartphones and tablets. Ed Skoudis, founder and senior security consultant of InGuardians, a security consulting firm, describes one scenario: "Bad guys are go... Definition
-
device attack
A device attack is an exploit in which the attacker takes advantage of a vulnerable device to gain network access. Definition
-
Duqu (W32.Duqu)
Duqu is a remote access Trojan (RAT) that is designed to steal data from computers it infects. Definition
-
voluntary botnet
A voluntary botnet is a distributed network of computers whose processing power is harnessed to carry out a political or socially-motivated denial of service (DoS) attack. Definition
-
TDL-4 (TDSS or Alureon)
TDL-4 is sophisticated malware that facilitates the creation and maintenance of a botnet. The program is the fourth generation of the TDL malware, which was itself based on an earlier malicious program known as TDSS or Alureon. Definition
-
malvertisement (malicious advertisement or malvertising)
A malvertisement (malicious advertisement) is an advertisement on the Internet that delivers a malicious payload. Definition
-
advanced persistent threat (APT)
An advanced persistent threat is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. Definition
-
cybercrime
Cybercrime is a term for any illegal activity that uses a computer as its primary means of commission. Definition
- See more Definitions on Emerging Information Security Threats
-
Martin Roesch: Increase in cybersecurity breaches demands new tactics
Video: Sourcefire interim CEO Martin Roesch discusses the need for new tactics amid rampant cybersecurity breaches, plus APTs, big data and CISO priorities. Video
-
With Spyeye, Zeus variants, cybercriminals up the ante
They have long plagued the financial industry, but the latest Spyeye/Zeus variants are a serious and complicated threat, says Dell SecureWorks. Video
-
NSA’s Sager on cyberwarfare, likelihood of ‘digital Pearl Harbor’
The NSA’s Tony Sager discusses the likelihood of ‘digital Pearl Harbor’ and how to prepare for cyberattacks by cost-effectively disrupting attackers. Video
-
NSA’s Sager on trends of 2011 security breaches, advanced persistent threat hype
The NSA’s Tony Sager discusses macro trends of 2011 security breaches, why advanced persistent threat hype isn’t justified, and infosec lessons learned from his wife and kids. Video
-
Attack vectors, vulnerabilities and malware analysis at Black Hat 2011
Rodrigo Branco talks about vulnerabilities, malware sophistication and whether the move to cloud-based services will change the way cybercriminals work. Video
-
Marcus Ranum on cyberwar, critical infrastructure protection
Network security expert Marcus Ranum explains why he believes cyberwarfare is only a tool for powerful nation states and discusses how Stuxnet supports his premise. Video
-
Narcissistic vulnerability pimp: Baker on researchers and bug bounties
In a blog post, Verizon Director of Risk Wade Baker proposed a new title for security researchers looking to get attention who release bug information before a patch is released: Narcisstic vulnerability pimps. Video
-
Jim Lewis on SCADA security threats, Stuxnet analysis
Jim Lewis, Director and Senior Fellow at the Center for Strategic and International Studies, gives his analysis of the Stuxnet worm, and what he believes are the greatest threats to SCADA systems. Video
-
Information security podcasts
Download these weekly information security podcasts covering the top news and issues enterprise infosec pros care about to your PC or favorite mp3 player. Podcasts
-
Microsoft's Scott Charney on fighting botnets, rogue antimalware
In the final segment of SearchSecurity.com's exclusive RSA Conference 2011 video interview with Scott Charney, Microsoft's Corporate VP of Trustworthy Computing, he discusses a variety of concerns on the enterprise threat landscape. Video
- See more Multimedia on Emerging Information Security Threats
-
Exploit kits evolved: How to defend against the latest attack toolkits
Expert Nick Lewis details how automated exploit kits are evolving and offers mitigations for the latest methods employed by these attack toolkits. Tip
-
DDoS attack trends highlight increasing sophistication, larger size
Though the Spamhaus DDoS attack showed the potential devastation of increasing bandwidth, DDoS attack trends show DDoS type to be just as important. News
-
Department of Labor website hack highlights advanced attack trends
The IE8 zero-day attack planted in the U.S. Labor Department's website highlights how few organizations can ward off never-before-seen attacks. News
-
The Red October malware campaign uncovered: What enterprises can learn
Expert Nick Lewis details the recently uncovered Red October malware campaign, plus the new and existing controls needed to thwart cyberespionage. Tip
-
Over 100k serial devices online and unsecured, says HD Moore
Security researcher HD Moore says 114,000 serial devices exposed to the Internet are highly hackable. News
-
The updated Makadocs malware: How to protect users locally
Security expert Nick Lewis details how the updated Makadocs malware uses Google Docs as a command and control server and offers mitigations for users. AtE
-
MiniFlame malware: Assessing the threat to enterprises
Expert Nick Lewis analyzes miniFlame, the plug-in for the Flame malware, to determine how it operates and whether enterprises should be concerned. Answer
-
Malware hits businesses 20 to 60 times an hour, say researchers
Advanced cyber attacks hit businesses 20 times an hour on average, say researchers at security firm FireEye News
-
Gauging UPnP security risks: Is UPnP secure enough for enterprise use?
Is UPnP secure enough for enterprise use? Network security expert Brad Casey assesses UPnP security risks and offers advice for mitigating the threat. Tip
-
Protect intellectual property with data breach prep, cost analysis
Heidi Shey of Forrester Research says enterprises must protect intellectual property better or else face 'death by 1,000 cuts.' Tip
- See more All on Emerging Information Security Threats
About Emerging Information Security Threats
Hackers are now attacking RFID tags and readers, mobile devices and hardware drivers and using advanced information security threats such as rootkits and self-morphing Trojans to gain control of PCs. Read through our news, tips and advice to get the latest knowledge you need to defeat evolving hacker techniques.