SearchSecurity
New & Notable
News
Microsoft: 94% of Trickbot's infrastructure disabled
In a new blog post, Microsoft said its legal takedown last week, which sought to decrease Trickbot activity, disabled the vast majority of the botnet's servers.
News
NSA issues advisory against Chinese state-sponsored hackers
Among the 25 vulnerabilities listed in the NSA advisory, numerous were critical and carried a CVSS score either at or close to 10, the highest possible.
Evaluate
Evaluating SOC automation benefits and limitations
Security operations center automation can help address the security skills gap by scaling critical analyst responsibilities. But an overreliance on AI introduces other risks.
Evaluate
Top zero-trust certifications, training for IT pros
Explore how zero-trust certifications and training options from Forrester, Cybrary and Pluralsight can build on your IT team's skills for a successful security migration.
Download: Your Complete Guide to IAM
Utilize this 66-page IAM guide to help you stay on top of the latest best practices and techniques. Security expert Michael Cobb explores the risks and rewards of biometrics measures and multifactor authentication, how organizations can assess if it is time to modernize IAM strategies, and much more.
Trending Topics
-
Emerging threats News
Should ransomware payments be banned? Experts weigh in
Two events -- a new advisory and what might be the first ransomware-related death -- have reignited the debate of whether ransomware payments should be banned.
-
Windows security News
Microsoft detects Netlogon vulnerability exploitation in the wild
While Microsoft released a patch last month for the Netlogon flaw, the company said it detected threat actors using exploits for the critical vulnerability.
-
PCI DSS Evaluate
Explore the next-generation firewall marketplace
Explore some of the top NGFWs currently on the market -- based on features and user reviews -- to help you make a buying decision
-
Encryption technology Evaluate
Double key encryption yields data protection benefits
Microsoft's new double key encryption offering brings data security and compliance benefits. Are they worth the implementation challenges?
-
Security industry trends Manage
3 common election security vulnerabilities pros should know
Election security remains top of mind for many right now, with Nabil Hannan discussing vulnerabilities like remote breaches, new attack surfaces and poor current controls.
-
CISSP Get Started
Take this CISSP practice test before the final exam
Test your knowledge and preparedness for the CISSP exam with 16 questions taken directly from the latest 'CISSP All-in-One Exam Guide' from McGraw Hill.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Find Solutions For Your Project
-
Evaluate
How to choose an on-ramp to jump-start zero trust
Zero-trust security has three main on-ramps -- each with its own technology path. For a clear-cut zero-trust implementation, enterprises need to choose their on-ramp wisely.
-
How Ghidra impacted the reverse-engineering community
-
Double key encryption yields data protection benefits
-
Technology a double-edged sword for U.S. election security
-
-
Problem Solve
Critical IIoT security risks cloud IoT's expansion into industry
The convergence of IoT with industrial processes increases productivity, improves communications and makes real-time data readily available. But serious IIoT security risks must be considered as well.
-
Application codebase update security best practices
-
Top AI security concerns for IT leaders
-
Making cybersecurity hygiene a shared responsibility
-
-
Manage
Planning a zero-trust strategy in 6 steps
Launch a zero-trust strategy in six steps. Learn how to form a dedicated team, ask questions about existing security controls and evaluate the priority of zero-trust initiatives.
-
Plan for uncertainty in cybersecurity budgets
-
For Cybersecurity Awareness Month, learn about emerging risks
-
3 common election security vulnerabilities pros should know
-
-
E-Zine | August 2020
Cybersecurity education for employees: Learn what works
Download -
E-Handbook | May 2020
How to get actionable threat intelligence from tech tools
Download -
E-Zine | May 2020
Why CISOs need advanced network security strategies now
Download -
E-Handbook | April 2020
Employ AI for cybersecurity, reap strong defenses faster
Download -
E-Handbook | March 2020
How to implement a strong COVID-19 cybersecurity plan
Download
Information Security Basics
-
Get Started
Developing a cyber resilience plan for today's threat landscape
A cyber resilience plan should complement a company's cybersecurity strategy so that the security culture and cyber hygiene is thought through in all IT and cybersecurity initiatives.
-
Get Started
Quiz: Enterprise authentication methods and uses
There are many methods available to authenticate users requesting access to an organization's systems. Test your knowledge with this quiz on authentication in network security.
-
Get Started
Securely transmitting data starts with encryption
Safe information transfer is a must for modern organizations, but not all secure data transmission methods are equal. Explore your secure data transfer options in this tip.
Multimedia
-
Problem Solve
Top AI security concerns for IT leaders
-
-
Vendor Resources
- A Simpler Approach to Endpoint Security –Product Overview
- Seven Strategies to Securely Enable Remote Workers –White Paper
- Enterprise Network Security in a Post-COVID World –Analyst Report
Blog: Security Bytes
-
Google focuses more on steering the Android ship than righting it
Google's security and privacy upgrades to Android are mostly forward-thinking changes, readying for a future that is inevitable but unclear, rather than ways to improve security today.Continue Reading
-
At RSAC 2019, speculative execution threats take a back seat
The Meltdown and Spectre vulnerabilities loomed large last year, but RSAC 2019 will have little fodder on speculative execution threats and side channels attacks.Continue Reading
-
More Security Bytes Posts
Marriott Starwood data breach notification de-values customers
Are US hacker indictments more than Justice Theater?
Breaking down Dell's "potential cybersecurity incident" announcement
-
News
View All -
Malware, virus, Trojan and spyware protection and removal
NSS Labs ceases operations amid financial turmoil
Product testing firm NSS Labs shut down last week, citing negative effects of COVID-19, but former employees say the company's troubles started well before the pandemic.
-
Information security laws, investigations and ethics
After a brief pause, Trickbot rebounds from takedown efforts
Attempts to disrupt the notorious Trickbot botnet, most recently through Microsoft's legal takedown, have proven short-lived as ransomware attacks have resumed.
-
Data security breaches
Twitter hackers posed as IT staff, used VPN issues as a lure
A report by New York State's Department of Financial Services found that hackers breached Twitter's network by posing as IT support and obtaining credentials through vishing.
SearchSecurity Definitions
- Federal Information Security Management Act (FISMA)
- CISO as a service (vCISO, virtual CISO, fractional CISO)
- access control
- advanced persistent threat (APT)
- biometrics
- zero-day (computer)
- PCI DSS 12 requirements
- vulnerability assessment (vulnerability analysis)