SearchSecurity
New & Notable
News
ICS security just isn't, Black Hat 2018 sessions show
Industrial control systems hit the mainstream at Black Hat this year, with over two dozen program sessions tackling different angles of the subject. The takeaway: Vendors still aren't really trying.
Manage
How CVE 2018-2636 affects Oracle's Micros POS
A security researcher found a security flaw dubbed CVE-2018-2636 that enables the installation of malware on Oracle Micros POS systems. Learn more about the vulnerability.
Manage
OneLogin CSO: 'We do everything through risk models now'
How did cloud identity and access management vendor OneLogin rebuild its security after a breach? We ask OneLogin security chief Justin Calmus.
News
The TLS 1.3 protocol update is finally published
The finalized TLS 1.3 update has been published after a four-year process. The new protocol promises to be faster and more secure than its predecessor, TLS 1.2.
Your Guide to Info Sec Certifications
We’ve collected 30+ certifications for you. Which vendor-neutral and vendor-specific security certifications are best for you? Save time by downloading our list organized by experience level.
Trending Topics
-
Emerging threats News
ICS security just isn't, Black Hat 2018 sessions show
Industrial control systems hit the mainstream at Black Hat this year, with over two dozen program sessions tackling different angles of the subject. The takeaway: Vendors still aren't really trying.
-
Windows security Problem Solve
The severity of Microsoft's NTFS security flaw
A security researcher exposed an NTFS flaw that Microsoft deliberately hasn't patched. Expert Michael Cobb explains how the bug works and why it isn't being treated as severe.
-
PCI DSS Get Started
How the PCI SSC took on mobile point-of-sale systems
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.
-
Encryption technology Manage
Comparing lattice cryptography to current cryptography
As the prospect of quantum computing-based attacks grows, the need for stronger encryption increases. Expert Michael Cobb discusses lattice-based cryptography as an option.
-
Security industry trends News
Black Hat attendees facing workforce, budget challenges
According to a survey of Black Hat 2018 attendees, organizations are still struggling with insufficient cybersecurity staff and budgets to meet the current and emerging threats.
-
CISSP Evaluate
Creative ways to earn CISSP CPEs
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Meet all of our Information Security experts
-
Robert Richardson asks:
Do you think ICS security vulnerabilities are a serious physical security concern? Why or why not?
-
Nick Lewis asks:
What do you think about Oracle waiting to patch the Oracle Micros POS system that was affected by CVE-2018-2636?
Find Solutions For Your Project
-
Evaluate
Malicious apps used Facebook APIs to steal user data
Malicious apps collected Facebook user data through Facebook APIs. Expert Michael Cobb explains how social networking platforms can monitor third-party apps' access to data.
-
Misuse of the UPnP protocol leads to a vulnerability
-
Top three benefits of SIEM for the enterprise
-
MANRS: ISOC's solution for BGP security
-
-
Problem Solve
Malwarebytes discovered four new Mac security risks
Mac platforms are at risk after Malwarebytes discovered four new Mac malware strains. Learn how to protect your enterprise and how to mitigate these attacks with expert Nick Lewis.
-
The severity of Microsoft's NTFS security flaw
-
Why infosec needs more female conference speakers
-
How a vulnerability puts emergency warning systems at risk
-
-
Manage
How CVE 2018-2636 affects Oracle's Micros POS
A security researcher found a security flaw dubbed CVE-2018-2636 that enables the installation of malware on Oracle Micros POS systems. Learn more about the vulnerability.
-
OneLogin CSO: 'We do everything through risk models now'
-
An analysis of the botnet security NIST report
-
How to work around Efail flaws in OpenPGP and S/MIME
-
-
E-Zine | August 2018
Security data scientists on how to make your data useful
Download -
E-Handbook | July 2018
Incident response playbook in flux as services, tools arrive
Download -
E-Handbook | June 2018
Machine learning security, a real advance in tech protection
Download -
E-Zine | June 2018
CISOs face the IoT security risks of stranger things
Download -
Buyer's Handbook | May 2018
A security operations center for hire? Something to consider
Download
Information Security Basics
-
Get Started
Advances in access governance strategy and technology
Recent advances in IAM policy, strategy and technology are raising companies' ability authenticate identities and manage access to their systems and data.
-
Get Started
Top three benefits of SIEM for the enterprise
SIEM tools enable centralized reporting, which is just one of the many SIEM benefits. Others include real-time incident response, as well as insight for compliance reporting.
-
Get Started
certificate authority
A certificate authority (CA) is a trusted entity that issues digital certificates, which are data files used to cryptographically link an entity with a public key.
Multimedia
Vendor Resources
Blog: Security Bytes
-
DHS cybersecurity rhetoric offers contradictions at DEF CON
The Vote Hacking Village at Defcon 26 in Las Vegas was an overwhelming jumble of activity -- a mock vote manipulated, children hacking election results websites, machines being disassembled -- and ...Continue Reading
-
Five things to watch for at Black Hat USA this year
As Black Hat USA 2018 approaches, we take a quick look at trends in the conference agenda and sessions not to miss.Continue Reading
-
More Security Bytes Posts
How Dropbox dropped the ball with anonymized data
Is the new California privacy law a domestic GDPR?
Cyber attribution: Why it won't be easy to stop the blame game
-
News
View All -
Virtualization security issues and threats
Spectre-like Foreshadow vulnerability discovered
News roundup: Intel disclosed L1TF vulnerabilities with similarities to Spectre, but with a focus on data. Plus, the NIST Small Business Cybersecurity Act is now a law, and more.
-
Emerging cyberattacks and threats
ICS security just isn't, Black Hat 2018 sessions show
Industrial control systems hit the mainstream at Black Hat this year, with over two dozen program sessions tackling different angles of the subject. The takeaway: Vendors still aren't really trying.
-
Web browser security
The TLS 1.3 protocol update is finally published
The finalized TLS 1.3 update has been published after a four-year process. The new protocol promises to be faster and more secure than its predecessor, TLS 1.2.
SearchSecurity Definitions
- certificate authority (CA)
- hacktivism
- advanced persistent threat (APT)
- whaling attack (whaling phishing)
- Certified Cloud Security Professional (CCSP)
- federated identity management
- next-generation firewall (NGFW)
- DMZ (networking)