SearchSecurity
New & Notable
US report on cyber espionage accuses China and Russia o
China and Russia are using cyber espionage to steal US trade and technology secrets, says a US intelligence report covering 2009 to 2011.
Manage
How to avoid web cache poisoning
Web cache poisoning poses a serious threat to web browser security. Learn how hackers can exploit unkeyed inputs for malicious use with expert Michael Cobb.
Manage
How a phishing campaign targeted Trezor wallets
A phishing campaign targeting Trezor wallets may have poisoned DNS or hijacked BGP to gain access. Learn how the attack worked and how to mitigate it with expert Nick Lewis.
Evaluate
How Microsoft Authenticator integrates with Azure AD
Microsoft expanded the Microsoft Authenticator app to integrate with tens of thousands of Azure AD apps. Expert Dave Shackleford explains how this tool is improving security.
Instant Download: Free Guide to Password Security
Including insights from security pros Michael Cobb, Jeremy Bergsman and Nick Lewis, gain expert advice on how to improve your password policies to keep your enterprise safe. Explore machine learning-powered techniques, how to approach mobile password management, and more.
Trending Topics
-
Emerging threats News
Intel Hyper-Threading targeted by side-channel attack
The latest side-channel attack against Intel chips, known as PortSmash, targets Hyper-Threading in order to steal data, such as private OpenSSL keys from a TLS server.
-
Windows security Manage
Microsoft vulnerability too difficult to detect
The Qihoo 360 Core Security team found a Microsoft vulnerability -- named Double Kill -- that affects applications via Office documents. Learn how this is possible with Nick Lewis.
-
PCI DSS Get Started
How the PCI SSC took on mobile point-of-sale systems
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.
-
Encryption technology News
Microsoft BitLocker misplaces trust in SSDs for encryption
Researchers discover major manufacturers poorly implemented SSD encryption, allowing easy access to data, and Microsoft BitLocker made the issue worse.
-
Security industry trends Manage
Report: More security professionals cross to dark side
Close to 40% of security professionals either know, or have known, a legitimate security practitioner who has participated at some point in black hat activities.
-
CISSP Evaluate
Creative ways to earn CISSP CPEs
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Meet all of our Information Security experts
-
Michael Heller asks:
Are you surprised the U.S. did not sign the Paris cybercrime accord? Why or why not?
-
Nick Lewis asks:
How do you think this recent macOS malware vulnerability will influence the digital signature process?
Find Solutions For Your Project
-
Evaluate
How Plead malware is used for cyberespionage attacks
Cyberespionage hackers have used stolen digital certificates to steal data. Expert Michael Cobb explains how hackers sign Plead malware to conduct these attacks.
-
Deception tech tools lure in, expose attackers
-
How TLS certificates were used to phish Netflix users
-
SIEM tools, future tech and how to prepare for what's ahead
-
-
Problem Solve
How macOS malware bypassed signature checks
Okta researchers found a bypass that allows macOS malware to pose as signed Apple files. Discover how this is possible and how to mitigate this attack.
-
OSX.Dummy uses chat to attack cryptocurrency investors
-
Strengthening the application security vetting process
-
U2F security keys: Google's solution for phishing
-
-
Manage
How a new type of botnet is changing botnet attacks
The new Mylobot botnet demonstrated new, complex tools and techniques that are modifying botnet attacks. Learn how this botnet differs from a typical botnet with Nick Lewis.
-
How enterprises can monitor insider threat behavior
-
Why is business email compromise on the rise?
-
How site isolation defends against Spectre attacks
-
-
E-Handbook | October 2018
SIEM tools, future tech and how to prepare for what's ahead
Download -
E-Zine | October 2018
User behavior analytics tackles cloud, hybrid environments
Download -
E-Handbook | September 2018
Security access controls over identities must be priority
Download -
Buyer's Handbook | August 2018
How to find the best privileged identity management tool
Download -
E-Zine | August 2018
Security data scientists on how to make your data useful
Download
Information Security Basics
-
Get Started
challenge-response authentication
In information security, challenge-response authentication is a type of authentication protocol where one entity presents a challenge or question, and another entity provides a valid response to be authenticated.
-
Get Started
Following NIST guidelines for better incident response
The NIST incident response plan involves four phases enterprises can take to improve security incident handling. Expert Mike O. Villegas reviews each step.
-
Get Started
Secure Shell (SSH)
SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
Multimedia
Vendor Resources
- The Black Market Report: A Look Inside the Dark Web –White Paper
- How HP Printers Detected London Airport's 2018 Cyberattack –Case Study
- Why CASB alone isn't enough –White Paper
Blog: Security Bytes
-
Android Ecosystem Security Transparency Report is a wary first step
Reading through Google's first quarterly Android Ecosystem Security Transparency Report feels like a mix of missed opportunities and déjà vu all over again. Much of what is in the new Android ...Continue Reading
-
Google sets Android security updates rules but enforcement is unclear
The vendor requirements for Android are a strange and mysterious thing but a new leak claims Google has added language to force manufacturers to push more regular Android security updates. ...Continue Reading
-
More Security Bytes Posts
Mystery around Trend Micro apps still lingers one month later
FBI, DHS blaming the victims on Remote Desktop Protocol
What the GAO Report missed about the Equifax data breach
-
News
View All -
Cyberespionage and nation-state cyberattacks
Paris cybercrime accord signed by 50 nations, 150 companies
An international cybercrime agreement was signed by 50 nations and 150 companies in Paris, but the U.S., China and Russia were not part of the accord.
-
Disk and file encryption tools
Microsoft BitLocker misplaces trust in SSDs for encryption
Researchers discover major manufacturers poorly implemented SSD encryption, allowing easy access to data, and Microsoft BitLocker made the issue worse.
-
IoT security issues
UPnP vulnerability leads to massive botnet
News roundup: A new spam botnet infected over 100,000 home routers through a UPnP vulnerability, according to researchers. Plus, HSBC Bank reported a data breach, and more.