Platform security
Get the latest news, advice and best practices for platform security. Here you'll find information on vulnerability and threat management, operating system security fundamentals, virtualization security basics, Web security and more.
Top Stories
-
Feature
31 Aug 2023
Types of ransomware and a timeline of attack examples
There are eight main types of ransomware but hundreds of examples of ransomware strains. Learn how the ransomware types work, and review notable ransomware attacks and variants. Continue Reading
-
Answer
19 Apr 2023
How to defend against TCP port 445 and other SMB exploits
Keeping TCP port 445 and other SMB ports open is necessary for resource sharing, yet this can create an easy target for attackers without the proper protections in place. Continue Reading
-
News
30 Sep 2021
FireEye and McAfee Enterprise announce product mashup
Merger-happy investment firm STG has let slip that it will integrate the product lines of McAfee Enterprise and FireEye. Analysts say it will be a challenging road ahead. Continue Reading
-
Tip
13 Sep 2021
All about cloud-native application protection platforms
The cloud-native application protection platform, or CNAPP, is the latest in a slew of cloud security acronyms. Learn what it is and why the concept should stick around. Continue Reading
-
News
05 Aug 2021
CISA director announces 'Joint Cyber Defense Collaborative'
The Joint Cyber Defense Collaborative, or JCDC, is a partnership between the public and private sectors to create and implement comprehensive national cybersecurity plans. Continue Reading
-
Feature
30 Jun 2021
Common Linux vulnerabilities admins need to detect and fix
Server admins need to prepare for a variety of common Linux vulnerabilities, from software and hardware vulnerabilities to employee-created ones and even digital espionage. Continue Reading
-
Feature
30 Jun 2021
How to implement Linux security best practices
When setting up security for a company's infrastructure, admins need to focus on backups, patch management and regular vulnerability scans. Continue Reading
-
Feature
15 Jun 2021
How to get started with security chaos engineering
Introducing security chaos engineering: the latest methodology security teams can implement to proactively discover vulnerabilities or weaknesses in a company's system. Continue Reading
-
Answer
13 May 2021
What's the difference between sandboxes vs. containers?
Understanding the differences between sandboxes vs. containers for security can help companies determine which best suits their particular use cases. Continue Reading
-
News
06 Apr 2021
New Intel Ice Lake processors boost performance, security
Intel launches third-generation Xeon Scalable processors that bolster security, accelerate common data center workloads by 46% on average and support up to 40 cores per processor. Continue Reading
-
Feature
20 May 2020
IT and security teams collide as companies work from home
The new world of remote work has given rise to IT and security teams working more closely than ever before. They need to come together to provide excellent UX and security. Continue Reading
-
Feature
27 Feb 2020
Windows IIS server hardening checklist
Use this handy Windows IIS server hardening checklist on the job to ensure your IIS server is deployed safely and stays secure in use. Continue Reading
-
Opinion
26 Feb 2020
RSA 2020 day 1: Windows 10X & secured core PCs; Hysolate updates; LastPass passwordless login
Security-focused conferences are my time to shine--and geek out on the latest in security news. Continue Reading
-
Tip
20 Nov 2019
How to use and manage BitLocker encryption
Built into business versions of the Windows OS, Microsoft BitLocker encryption is an integral enterprise encryption tool. Read on to learn how BitLocker works and how to manage it. Continue Reading
-
Definition
05 Nov 2019
application whitelisting
Application whitelisting is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system. Continue Reading
-
News
31 Jul 2019
Project Zero drops six iOS vulnerabilities ahead of Black Hat
Google Project Zero researchers disclosed six iOS vulnerabilities, including proof-of-concept code that could allow for attacks requiring no user interaction. Continue Reading
-
Answer
23 Jan 2019
How does cross-site tracking increase security risks?
Mozilla's Firefox 63 automatically blocks tracking cookies and other site data from cross-site tracking. Learn what this is and what the benefits of blocking it are with Nick Lewis. Continue Reading
-
News
27 Dec 2018
Malwarebytes: Fileless ransomware an emerging threat for U.S.
A new Malwarebytes report examines Sorebrect, a fileless ransomware threat that's been detected in the U.S. this year, along with three other fileless attacks. Continue Reading
-
Answer
18 Dec 2018
How Big Star Labs was able to use data collecting apps
The ad-blocking vendor AdGuard found browser extensions and apps from Big Star Labs collecting browser history data. Discover how this was accomplished with Nick Lewis. Continue Reading
-
Tip
18 Dec 2018
How to ensure your enterprise doesn't have compromised hardware
Enterprise protections are crucial in order to guarantee the safety of your hardware. Discover best practices to guard your enterprise's hardware with Nick Lewis. Continue Reading
-
Answer
17 Dec 2018
Kronos banking Trojan: How does the new variant compare?
Proofpoint researchers found a Kronos variant after it targeted victims in Germany, Japan and Poland. Learn how this variant compares to the original banking Trojan with Nick Lewis. Continue Reading
-
Answer
13 Dec 2018
Why is preloading HTTP Strict Transport Security risky?
Although the HSTS protocol was designed to improve security, infosec experts have warned against preloading it. Learn about the risks of preloaded HSTS with Judith Myerson. Continue Reading
-
Answer
12 Dec 2018
Faxploit: How can sending a fax compromise a network?
Check Point researchers found a fax machine attack allowing attackers to access scanned documents. Discover how this is possible and how users can avoid falling victim. Continue Reading
-
Tip
04 Dec 2018
Testing applications in production vs. non-production benefits
To ensure proper application security testing, production and non-production systems should both be tested. In this tip, expert Kevin Beaver weighs the pros and cons. Continue Reading
-
Answer
19 Nov 2018
How does a Bluetooth vulnerability enable validation attacks?
Bluetooth devices might be at risk after a new Bluetooth vulnerability was found targeting firmware and operating system software drivers. Learn how it works and how it can be mitigated. Continue Reading
-
Answer
15 Nov 2018
How is the Trezor cryptocurrency online wallet under attack?
A phishing campaign targeting Trezor wallets may have poisoned DNS or hijacked BGP to gain access. Learn how the attack worked and how to mitigate it with expert Nick Lewis. Continue Reading
-
Answer
12 Nov 2018
How does new MacOS malware target users through chat?
New malware targeting cryptocurrency investors through MacOS and chat platforms was recently discovered. Learn how OSX.Dummy malware works and what users can do to spot the attack. Continue Reading
-
Answer
23 Oct 2018
How do newly found flaws affect robot controllers?
Several vulnerabilities were found in controllers made by Universal Robots. Discover what these controllers are used for and how threat actors can exploit these vulnerabilities. Continue Reading
-
Answer
01 Oct 2018
SamSam ransomware: How is this version different from others?
Sophos recently discovered a SamSam extortion code that performs company-wide attacks using a range of vulnerability exploits. Discover how this version differs from past variants. Continue Reading
-
Answer
27 Sep 2018
BlackTDS: How can enterprise security teams avoid an attack?
Proofpoint researchers found a bulletproof hosting evolution, BlackTDS, which is believed to be advertised on the dark web. Learn what security teams should know with Nick Lewis. Continue Reading
-
Answer
06 Sep 2018
IonCube malware: Who do these malicious files put at risk?
Malicious files posing as legitimate ionCube files were recently found by WordPress and Joomla admins. Learn how the ionCube malware works with expert Nick Lewis. Continue Reading
-
Opinion
01 Aug 2018
Tom Van Vleck on the Multics operating system, security decisions
Time-sharing systems got a lot right from a security standpoint. "We aimed toward a completely lights-out, 'no chance for mistakes' interface," says the security researcher. Continue Reading
-
Tip
07 Jun 2018
Where machine learning for cybersecurity works best now
Need to up your endpoint protection endgame? Learn how applying machine learning for cybersecurity aids in the fight against botnets, evasive malware and more. Continue Reading
-
Tip
07 Jun 2018
AI and machine learning in network security advance detection
Applying AI, and specifically machine learning, in network security helps protect enterprises against advanced persistent threats and sophisticated cybercriminals. Continue Reading
-
Answer
12 Dec 2017
How can platform firmware be protected from attacks?
The NIST published guidance on building up platform firmware resiliency. Expert Judith Myerson looks at the NIST guidelines and the major takeaways for enterprises. Continue Reading
-
Answer
05 Dec 2017
iOS updates: Why are some Apple products behind on updates?
A study by Zimperium found that more than 23% of iOS devices aren't running the latest software. Matt Pascucci explains how this is possible, even though Apple controls iOS updates. Continue Reading
-
Opinion
02 Oct 2017
Building a secure operating system with Roger R. Schell
The 'father' of the Orange Book has first-hand knowledge of the standards required for classified computer systems and the issues with subversion. Continue Reading
-
News
28 Apr 2017
Symantec certificate authority offers counter-proposal to Google
Symantec certificate authority proposal takes the pain out of sanctions for misissued certs, offers more audits, greater transparency and promise of "continuous improvement." Continue Reading
-
Tip
15 Sep 2016
Secure Docker on Linux or Windows platforms
With Docker appearing in businesses of all shapes and sizes, security is a concern for many IT admins. Here's how to secure Docker on the container or the host machine. Continue Reading
-
Definition
28 Jul 2015
security by design
Security by design is an approach to software and hardware development that seeks to make systems as free of vulnerabilities and impervious to attack as possible through such measures as continuous testing, authentication safeguards and adherence to best practices. Continue Reading