SearchSecurity
New & Notable
Problem Solve
How will cryptography adapt to the post-quantum world?
Post-quantum cryptographic algorithms are aimed at securing encrypted data against super-powerful computers in the future, but will they even be necessary? Hanno Böck explains.
News
FEMA overshares disaster victims' data with contractor
FEMA's data exposure is another high-profile example of accidental data disclosures -- a trend that has some security experts calling for more focus on failed security controls.
Problem Solve
Are padding oracle attacks worth worrying about?
Padding oracle attacks have long been well-known and well-understood. Find out how they work and why using modern encryption protocols can reduce the risks.
News
Machine identities up for grabs on dark web
Security researchers discovered the availability of SSL/TLS certificates for sale on the dark web, which allow cybercriminals to disguise their malicious activity as legitimate.
Instant Download: Free Guide to Password Security
Including insights from security pros Michael Cobb, Jeremy Bergsman and Nick Lewis, gain expert advice on how to improve your password policies to keep your enterprise safe. Explore machine learning-powered techniques, how to approach mobile password management, and more.
Trending Topics
-
Emerging threats News
Mirai botnet returns to target enterprise systems
Researchers from Palo Alto Networks have spotted a new variant of the Mirai botnet that is targeting enterprise presentation systems and digital signage with 11 new exploits.
-
Windows security Manage
How to bypass a Windows kernel protection feature
Security researchers demonstrated how a new fileless attack technique can bypass a Windows kernel protection feature at Black Hat 2018. Find out how the technique works.
-
PCI DSS Get Started
How the PCI SSC took on mobile point-of-sale systems
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.
-
Encryption technology Problem Solve
What are the biggest issues with self-encrypting drives?
Dutch researchers discovered flaws in ATA security and TCG Opal affecting self-encrypting drives. What steps can you take to guard data stored on vulnerable solid-state drives?
-
Security industry trends News
Risk & Repeat: Reviewing RSAC's diversity push
This week's 'Risk & Repeat' podcast looks back at RSA Conference and discusses the show's diversity and inclusion efforts as well as the top trends and sessions from the show.
-
CISSP Evaluate
Creative ways to earn CISSP CPEs
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Meet all of our Information Security experts
-
asks:
What steps have you taken to prevent padding oracle attacks?
Find Solutions For Your Project
-
Evaluate
What's the best way to combat a fileless malware campaign?
Monitoring process memory is one way to combat fileless malware attacks. Here's what you can do to protect your network against these campaigns.
-
Who needs security orchestration, automation and response?
-
How SOAR can help lessen the cyberskills shortage
-
Common vulnerabilities in building management systems
-
-
Problem Solve
Are padding oracle attacks worth worrying about?
Padding oracle attacks have long been well-known and well-understood. Find out how they work and why using modern encryption protocols can reduce the risks.
-
Learn how port scanning attacks work
-
Building management system security tactics
-
Discover how SOAR eases the pain of patching
-
-
Manage
How to automate incident response using SOAR
Security orchestration, automation and response technology is now seen as a key aid to security pros attempting to thwart an onslaught of cyberattacks.
-
How -- and why -- attackers hijack BGP routes
-
Enterprises race to keep up with evolving C&C servers
-
5 email security challenges need enterprise attention
-
-
E-Handbook | March 2019
Who needs security orchestration, automation and response?
Download -
Buyer's Handbook | February 2019
Multifactor authentication methods, use cases and products
Download -
Buyer's Handbook | February 2019
A guide to SIEM platforms, benefits and features
Download -
E-Handbook | February 2019
Can a zero-trust approach fill the security perimeter void?
Download -
E-Zine | February 2019
CISOs build cybersecurity business case amid attack onslaught
Download
Information Security Basics
-
Get Started
payload (computing)
In computing, a payload is the carrying capacity of a packet or other transmission data unit. The term has its roots in the military and is often associated with the capacity of executable malicious code to do damage. Technically, the payload of a ...
-
Get Started
passphrase
A passphrase is a string of characters longer than the usual password (which is typically from four to 16 characters long) that is used in creating a digital signature (an encoded signature that proves to someone that it was really you who sent a ...
-
Get Started
Using Mimikatz to dump Windows credentials
In this Mimikatz tutorial, learn about the password and credential dumping program, where you can acquire it and how easy it makes it to compromise system passwords.
Multimedia
Vendor Resources
- Is RegTech Your Differentiator –White Paper
- Data Immutability - A Key Issue for Capital Markets' RegTech –White Paper
- Identity and Data Management –Resource
Blog: Security Bytes
-
At RSAC 2019, speculative execution threats take a back seat
The Meltdown and Spectre vulnerabilities loomed large last year, but RSAC 2019 will have little fodder on speculative execution threats and side channels attacks.Continue Reading
-
Marriott Starwood data breach notification de-values customers
The Marriott Starwood data breach exposed half a billion customers' data, but the hospitality giant seems to have learned from recent megabreaches that the standard response to a breach can be the ...Continue Reading
-
More Security Bytes Posts
Are US hacker indictments more than Justice Theater?
Breaking down Dell's "potential cybersecurity incident" announcement
Will cybersecurity safety ever equal air travel safety?
-
News
View All -
Data security strategies and governance
FEMA overshares disaster victims' data with contractor
FEMA's data exposure is another high-profile example of accidental data disclosures -- a trend that has some security experts calling for more focus on failed security controls.
-
PKI and digital certificates
Machine identities up for grabs on dark web
Security researchers discovered the availability of SSL/TLS certificates for sale on the dark web, which allow cybercriminals to disguise their malicious activity as legitimate.
-
Data security strategies and governance
Facebook internally exposed passwords for years
Facebook learned three months ago that hundreds of millions of passwords were stored internally in plaintext, but it didn't disclose the issue or notify users until the news leaked.
SearchSecurity Definitions
- Diffie-Hellman key exchange (exponential key exchange)
- cache poisoning (DNS poisoning, web cache poisoning)
- man-in-the-disk (MITD) attack
- reverse brute-force attack