SearchSecurity
New & Notable
Problem Solve
Reddit users socially engineered by attackers in breach
Reddit announced a breach after users were socially engineered and attackers bypassed 2FA protocols. Discover how this attack was possible and how sites can avoid falling victim.
Get Started
How to set up a virtual network TAP in the cloud
A vTAP can give enterprises better visibility into their cloud networks. Expert Frank Siemons of InfoSec Institute explains how virtual network TAPs work and the available options.
News
Recorded Future names Tessa88 threat actor
Researchers at Recorded Future identified the individual behind the notorious Tessa88 hacker handle, but it's unclear what role he played in the LinkedIn and Myspace breaches.
News
Risk & Repeat: Who's to blame for bad passwords?
This week's Risk & Repeat podcast discusses whether users are responsible for creating and reusing weak passwords or if the technology systems themselves are to blame.
Instant Download: Free Guide to Password Security
Including insights from security pros Michael Cobb, Jeremy Bergsman and Nick Lewis, gain expert advice on how to improve your password policies to keep your enterprise safe. Explore machine learning-powered techniques, how to approach mobile password management, and more.
Trending Topics
-
Emerging threats News
Risk & Repeat: Targeted ransomware attacks increasing
On this week's Risk & Repeat podcast, Chet Wisniewski of Sophos discusses his company's latest research and explains why there's reason for optimism in the war on cybercrime.
-
Windows security Manage
Microsoft vulnerability too difficult to detect
The Qihoo 360 Core Security team found a Microsoft vulnerability -- named Double Kill -- that affects applications via Office documents. Learn how this is possible with Nick Lewis.
-
PCI DSS Get Started
How the PCI SSC took on mobile point-of-sale systems
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.
-
Encryption technology News
Microsoft BitLocker misplaces trust in SSDs for encryption
Researchers discover major manufacturers poorly implemented SSD encryption, allowing easy access to data, and Microsoft BitLocker made the issue worse.
-
Security industry trends Manage
Report: More security professionals cross to dark side
Close to 40% of security professionals either know, or have known, a legitimate security practitioner who has participated at some point in black hat activities.
-
CISSP Evaluate
Creative ways to earn CISSP CPEs
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Meet all of our Information Security experts
-
Judith Myerson asks:
Have you or has an employee in your enterprise been socially engineered? How so?
Find Solutions For Your Project
-
Evaluate
How to get to zero trust, even if it's all new to you
Implementing a security policy that, essentially, trusts no one and nothing doesn't have to be overwhelming if you understand the basics behind the security model.
-
How Plead malware is used for cyberespionage attacks
-
Deception tech tools lure in, expose attackers
-
How app wrappers, containers aid mobile security strategies
-
-
Problem Solve
Reddit users socially engineered by attackers in breach
Reddit announced a breach after users were socially engineered and attackers bypassed 2FA protocols. Discover how this attack was possible and how sites can avoid falling victim.
-
How a D-Link router vulnerability targeted a bank
-
Bluetooth implementations affected by new vulnerability
-
How macOS malware bypassed signature checks
-
-
Manage
Container security concerns and best practices
Container security continues to be a pressing issue as containers and hosts are being used more frequently. Learn how to keep your enterprise safe with Matt Pascucci.
-
How Cisco Talos created a Thanatos ransomware decryptor
-
How to avoid web cache poisoning
-
How a phishing campaign targeted Trezor wallets
-
-
E-Handbook | October 2018
SIEM tools, future tech and how to prepare for what's ahead
Download -
E-Zine | October 2018
User behavior analytics tackles cloud, hybrid environments
Download -
E-Handbook | September 2018
Security access controls over identities must be priority
Download -
Buyer's Handbook | August 2018
How to find the best privileged identity management tool
Download -
E-Zine | August 2018
Security data scientists on how to make your data useful
Download
Information Security Basics
-
Get Started
challenge-response authentication
In information security, challenge-response authentication is a type of authentication protocol where one entity presents a challenge or question, and another entity provides a valid response to be authenticated.
-
Get Started
Following NIST guidelines for better incident response
The NIST incident response plan involves four phases enterprises can take to improve security incident handling. Expert Mike O. Villegas reviews each step.
-
Get Started
Secure Shell (SSH)
SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
Multimedia
Vendor Resources
- SmartKey Security Overview –Resource
- Closing the Cybersecurity Gap –Research Content
- Guide to Mobile Device Vulnerabilities –Resource
Blog: Security Bytes
-
Android Ecosystem Security Transparency Report is a wary first step
Reading through Google's first quarterly Android Ecosystem Security Transparency Report feels like a mix of missed opportunities and déjà vu all over again. Much of what is in the new Android ...Continue Reading
-
Google sets Android security updates rules but enforcement is unclear
The vendor requirements for Android are a strange and mysterious thing but a new leak claims Google has added language to force manufacturers to push more regular Android security updates. ...Continue Reading
-
More Security Bytes Posts
Mystery around Trend Micro apps still lingers one month later
FBI, DHS blaming the victims on Remote Desktop Protocol
What the GAO Report missed about the Equifax data breach
-
News
View All -
Biometric technology
Research shows AI-generated fake fingerprints can scale
Researchers have developed AI-generated synthetic fingerprints -- known as DeepMasterPrints -- that can spoof biometric scanners and potentially be used to launch practical attacks.
-
Data security breaches
Recorded Future names Tessa88 threat actor
Researchers at Recorded Future identified the individual behind the notorious Tessa88 hacker handle, but it's unclear what role he played in the LinkedIn and Myspace breaches.
-
Data security technology and strategy
Amazon tries again to prevent public S3 buckets
Amazon unveils new settings to help users avoid S3 data leaks, but UpGuard's Chris Vickery, who uncovered most AWS exposures, is doubtful the changes will end the problem.