SearchSecurity
New & Notable
Manage
Microsoft vulnerability too difficult to detect
The Qihoo 360 Core Security team found a Microsoft vulnerability -- named Double Kill -- that affects applications via Office documents. Learn how this is possible with Nick Lewis.
Manage
How MnuBot malware uses an unusual C&C server
IBM X-Force found MnuBot -- a new banking Trojan -- manipulating C&C servers in an unusual way. Learn how this is possible and how this malware differs from those in the past.
News
Facebook releases more details on account breaches
The recent Facebook breach affected 20 million fewer accounts than was previously thought. The company now says 29 million accounts had data exposed to attackers.
News
More than 10,000 websites still using Symantec certificates
Mozilla delays plans to distrust Symantec TLS certificates in Firefox because despite more than one year's notice, approximately 13,000 websites still use the insecure certificates.
Your Guide to Info Sec Certifications
We’ve collected 30+ certifications for you. Which vendor-neutral and vendor-specific security certifications are best for you? Save time by downloading our list organized by experience level.
Trending Topics
-
Emerging threats Problem Solve
How living off the land attacks use legitimate tools
Hackers use legitimate admin tools to exfiltrate data in living off the land attacks that are hard to detect. Learn about this cyberattack tactic from expert Michael Cobb.
-
Windows security Manage
Microsoft vulnerability too difficult to detect
The Qihoo 360 Core Security team found a Microsoft vulnerability -- named Double Kill -- that affects applications via Office documents. Learn how this is possible with Nick Lewis.
-
PCI DSS Get Started
How the PCI SSC took on mobile point-of-sale systems
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.
-
Encryption technology Manage
Comparing lattice cryptography to current cryptography
As the prospect of quantum computing-based attacks grows, the need for stronger encryption increases. Expert Michael Cobb discusses lattice-based cryptography as an option.
-
Security industry trends News
Risk & Repeat: Breaking down the Pwnie Awards
In this week's Risk & Repeat podcast, SearchSecurity editors discuss whether or not Meltdown and Spectre deserved to be nominated for the Pwnie Awards' Most Overhyped Bug.
-
CISSP Evaluate
Creative ways to earn CISSP CPEs
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Meet all of our Information Security experts
-
Nick Lewis asks:
How has this Microsoft vulnerability or past vulnerabilities affected your enterprise?
-
Nick Lewis asks:
What preventative measures does your organization take to keep your servers from being used for a C&C infrastructure?
-
Michael Heller asks:
What do you think about how Facebook has handled the disclosure of information regarding this breach?
Find Solutions For Your Project
-
Evaluate
How TLS certificates were used to phish Netflix users
Hackers can imitate the design and domain name of popular sites like Netflix to steal credentials. Expert Michael Cobb explains how these Netflix phishing attacks work.
-
SIEM tools, future tech and how to prepare for what's ahead
-
Rev up your SIEM with machine learning capabilities
-
How TLBleed attacks leak data by abusing Intel chips
-
-
Problem Solve
How living off the land attacks use legitimate tools
Hackers use legitimate admin tools to exfiltrate data in living off the land attacks that are hard to detect. Learn about this cyberattack tactic from expert Michael Cobb.
-
How a malicious Chrome extension spreads malware
-
How MysteryBot uses overlay attacks to avoid detection
-
How cryptocurrency mining malware is infecting systems
-
-
Manage
Microsoft vulnerability too difficult to detect
The Qihoo 360 Core Security team found a Microsoft vulnerability -- named Double Kill -- that affects applications via Office documents. Learn how this is possible with Nick Lewis.
-
How MnuBot malware uses an unusual C&C server
-
How unencrypted previews expose private data
-
How NIST's Risk Management Framework affects security
-
-
E-Handbook | October 2018
SIEM tools, future tech and how to prepare for what's ahead
Download -
E-Zine | October 2018
User behavior analytics tackles cloud, hybrid environments
Download -
E-Handbook | September 2018
Security access controls over identities must be priority
Download -
Buyer's Handbook | August 2018
How to find the best privileged identity management tool
Download -
E-Zine | August 2018
Security data scientists on how to make your data useful
Download
Information Security Basics
-
Get Started
How to use Shodan for ICS security
Shodan can be a helpful tool for security pros to locate ICS cybersecurity vulnerabilities. Expert Ernie Hayden explains how Shodan works and how it can be used for security.
-
Get Started
digital signature
A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.
-
Get Started
denial-of-service attack
A denial-of-service attack is a security event that occurs when an attacker prevents legitimate users from accessing specific computer systems, devices, services or other IT resources.
Multimedia
Vendor Resources
- The Network Leaders' Guide to Secure SD-WAN –eBook
- The DevOps Roadmap for Security –White Paper
- The ROI of Security Orchestration and Automation –White Paper
Blog: Security Bytes
-
Mystery around Trend Micro apps still lingers one month later
The mystery around the Trend Micro apps that were removed from the Mac App Store continues despite Trend Micro's numerous updates on the matter.Continue Reading
-
FBI, DHS blaming the victims on Remote Desktop Protocol
FBI, DHS call on users to mitigate Remote Desktop Protocol vulnerabilities and handle RDP exploits on their own, even as the "going dark" campaign continues unabated.Continue Reading
-
More Security Bytes Posts
What the GAO Report missed about the Equifax data breach
DHS cybersecurity rhetoric offers contradictions at DEF CON
Five things to watch for at Black Hat USA this year
-
News
View All -
Information security laws, investigations and ethics
Facebook releases more details on account breaches
The recent Facebook breach affected 20 million fewer accounts than was previously thought. The company now says 29 million accounts had data exposed to attackers.
-
Web browser security
More than 10,000 websites still using Symantec certificates
Mozilla delays plans to distrust Symantec TLS certificates in Firefox because despite more than one year's notice, approximately 13,000 websites still use the insecure certificates.
-
Cyberespionage and nation-state cyberattacks
Exaramel malware reveals major threats tied to APT group
News roundup: An APT group called TeleBots group was linked to Industroyer malware and NotPetya ransomware, according to researchers. Plus, Imperva is acquired by Thoma Bravo and more.