SearchSecurity
New & Notable
News
Risk & Repeat: Trend Micro apps land in hot water
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Trend Micro's Mac apps, which have come under fire for questionable data collection features.
News
Government payment service leaks 14 million customer records
Experts question the security audit and government agency vetting that took place before the GovPayNow leak, which affected 14 million customer records dating back six years.
Manage
How a new practical attack affects SEV technology
Researchers claim to have found a new attack against VMs that affects SEV technology. Expert Judith Myerson explains what this attack is and how it can be exploited.
News
NSS Labs files antitrust suit against antimalware vendors
In an antitrust lawsuit, NSS Labs accused some of the top antimalware vendors in the industry, including CrowdStrike and Symantec, of conspiring to undermine its testing efforts.
Your Guide to Info Sec Certifications
We’ve collected 30+ certifications for you. Which vendor-neutral and vendor-specific security certifications are best for you? Save time by downloading our list organized by experience level.
Trending Topics
-
Emerging threats News
Firmware flaw could allow encryption key theft via cold boot
The idea of cold boot attacks began ten years ago, but researchers at F-Secure found that the attack can be used on modern computers to steal encryption keys and other data.
-
Windows security News
Windows 10 exploit code released, no patch available
Security researcher SandboxEscaper released proof-of-concept code for a Windows 10 zero-day on Twitter, but Microsoft has no details for a potential patch.
-
PCI DSS Get Started
How the PCI SSC took on mobile point-of-sale systems
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.
-
Encryption technology Manage
Comparing lattice cryptography to current cryptography
As the prospect of quantum computing-based attacks grows, the need for stronger encryption increases. Expert Michael Cobb discusses lattice-based cryptography as an option.
-
Security industry trends News
Risk & Repeat: Breaking down the Pwnie Awards
In this week's Risk & Repeat podcast, SearchSecurity editors discuss whether or not Meltdown and Spectre deserved to be nominated for the Pwnie Awards' Most Overhyped Bug.
-
CISSP Evaluate
Creative ways to earn CISSP CPEs
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Meet all of our Information Security experts
Find Solutions For Your Project
-
Evaluate
How to get women in security to speak at conferences
Diversity at cybersecurity conferences became a hot topic in early 2018. Innovation Women founder Bobbie Carlton discusses why it takes more work to get women in security on stage.
-
Bobbie Carlton on tech conferences' gender gap
-
How to find the best privileged identity management tool
-
How to buy the best PIM tool for your enterprise
-
-
Problem Solve
A vulnerability in strongSwan caused a buffer underflow
A buffer underflow was found to be caused by a vulnerability in strongSwan's open source VPN. Learn how this is possible and how attackers can exploit it with Judith Myerson.
-
How a SQL web vulnerability can be detrimental
-
How Telegrab bypasses end-to-end encryption
-
A look at Intel's hardware debugging exception flaw
-
-
Manage
How a new practical attack affects SEV technology
Researchers claim to have found a new attack against VMs that affects SEV technology. Expert Judith Myerson explains what this attack is and how it can be exploited.
-
WPA3 security enhancements and new protocol
-
Judging security operation centers' performance
-
How the VPNFilter threat works and affects users
-
-
E-Handbook | September 2018
Security access controls over identities must be priority
Download -
Buyer's Handbook | August 2018
How to find the best privileged identity management tool
Download -
E-Zine | August 2018
Security data scientists on how to make your data useful
Download -
E-Handbook | July 2018
Incident response playbook in flux as services, tools arrive
Download -
E-Handbook | June 2018
Machine learning security, a real advance in tech protection
Download
Information Security Basics
-
Get Started
A look at the new techniques used in SynAck ransomware
A technique called Process Doppelgänging was used by the SynAck ransomware to bypass security software. Expert Michael Cobb explains how this technique works and why it's unique.
-
Get Started
access control
Access control is a security technique that regulates who or what can view or use resources in a computing environment.
-
Get Started
ethical hacker
An ethical hacker, also referred to as a white hat hacker, is an information security expert who systematically attempts to penetrate a computer system, network, application or other computing resource on behalf of its owners -- and with their ...
Multimedia
Vendor Resources
- Webinar: Financial Services Organizations, Data Privacy, & GDPR –Video
- Closing the IT Security Gap with Automation & AI in the Era of IoT: Global –Research Content
- Top 10 Ransomware from 2017 –Research Content
Blog: Security Bytes
-
What the GAO Report missed about the Equifax data breach
The Government Accountability Office investigated the Equifax data breach, but the GAO's report leaves out several important points about the infamous incident.Continue Reading
-
DHS cybersecurity rhetoric offers contradictions at DEF CON
The Vote Hacking Village at Defcon 26 in Las Vegas was an overwhelming jumble of activity -- a mock vote manipulated, children hacking election results websites, machines being disassembled -- and ...Continue Reading
-
More Security Bytes Posts
Five things to watch for at Black Hat USA this year
How Dropbox dropped the ball with anonymized data
Is the new California privacy law a domestic GDPR?
-
News
View All -
Data security breaches
Government payment service leaks 14 million customer records
Experts question the security audit and government agency vetting that took place before the GovPayNow leak, which affected 14 million customer records dating back six years.
-
Malware, virus, Trojan and spyware protection and removal
NSS Labs files antitrust suit against antimalware vendors
In an antitrust lawsuit, NSS Labs accused some of the top antimalware vendors in the industry, including CrowdStrike and Symantec, of conspiring to undermine its testing efforts.
-
Microsoft Patch Tuesday and patch management
Unpatched systems still open to EternalBlue exploit
Unpatched systems are still being targeted by the WannaMine cryptojacker, despite warnings and global cyberattacks using the EternalBlue exploit leaked from the NSA.