SearchSecurity
New & Notable
News
Facebook's Android app gathered call log data for years
New emails revealed that Facebook app permissions were carefully implemented to avoid alerting users to the fact that the Android app was gathering call log and SMS data.
News
First big Kubernetes security vulnerability discovered
News roundup: A critical Kubernetes vulnerability was found in the system's API server and could have a wide reach. Plus, ESET found 21 new Linux malware families, and more.
News
Risk & Repeat: RSA Conference 2019 eyes diversity improvements
This week's Risk & Repeat podcast looks at RSA Conference's diversity and inclusion initiatives and discusses what they mean for both the event and the infosec industry.
Manage
How hackers can bypass WhatsApp web app encryption
WhatsApp vulnerabilities can enable hackers to bypass end-to-end encryption and spoof messages. Expert Michael Cobb explains how these attacks work and how to prevent them.
Instant Download: Free Guide to Password Security
Including insights from security pros Michael Cobb, Jeremy Bergsman and Nick Lewis, gain expert advice on how to improve your password policies to keep your enterprise safe. Explore machine learning-powered techniques, how to approach mobile password management, and more.
Trending Topics
-
Emerging threats Evaluate
What you should know about supply chain cybersecurity
Both physical and cyber supply chain security are critically important. Expert Ernie Hayden outlines the recent history of supply chain defenses and what enterprises need to know.
-
Windows security Manage
Microsoft vulnerability too difficult to detect
The Qihoo 360 Core Security team found a Microsoft vulnerability -- named Double Kill -- that affects applications via Office documents. Learn how this is possible with Nick Lewis.
-
PCI DSS Get Started
How the PCI SSC took on mobile point-of-sale systems
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.
-
Encryption technology News
Microsoft BitLocker misplaces trust in SSDs for encryption
Researchers discover major manufacturers poorly implemented SSD encryption, allowing easy access to data, and Microsoft BitLocker made the issue worse.
-
Security industry trends News
Risk & Repeat: Inside RSA Conference's diversity push
This week's Risk & Repeat podcast looks at RSA Conference's diversity and inclusion initiatives and discusses what they mean for both the event and the infosec industry.
-
CISSP Evaluate
Creative ways to earn CISSP CPEs
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Meet all of our Information Security experts
-
Dave Shackleford asks:
Which of the above deception techniques are you most (or least) likely to implement as part of your security program?
Find Solutions For Your Project
-
Evaluate
Can deception security tactics turn the tables on attackers?
Is the latest news on an onslaught of advanced threats causing you to despair? Maybe it's time to consider taking a 'deceptive' approach to IT security.
-
How TLS 1.3 upgraded from TLS 1.2
-
Comparing L1TF and Spectre vulnerabilities
-
The security risks of downloading via Fortnite Installer
-
-
Problem Solve
U.S. must do more to curb election interference threats
There's no evidence that threat actors have been able to manipulate or change vote counts in our elections, but Kevin McDonald says that doesn't mean it can't -- or won't -- happen.
-
Why endpoint security tools can't detect the BYOL approach
-
Reddit users socially engineered by attackers in breach
-
How a D-Link router vulnerability targeted a bank
-
-
Manage
Speculative execution vulnerabilities affect processors
New speculative execution vulnerabilities have been found affecting Intel processors. Learn how these flaws can lead to side-channel attacks with Judith Myerson.
-
How hackers can bypass WhatsApp web app encryption
-
How to remove location tracking features on Android
-
Why non-production systems should be tested
-
-
E-Handbook | December 2018
Can deception security tactics turn the tables on attackers?
Download -
E-Zine | December 2018
Allure of the threat hunter draws companies large and small
Download -
E-Handbook | October 2018
SIEM tools, future tech and how to prepare for what's ahead
Download -
E-Zine | October 2018
User behavior analytics tackles cloud, hybrid environments
Download -
E-Handbook | September 2018
Security access controls over identities must be priority
Download
Information Security Basics
-
Get Started
How to improve detection and response in 5 steps
Consider taking these five 'deceptive' steps to make your detection and response capabilities speedier, more effective and to improve your company's security posture.
-
Get Started
RSA algorithm (Rivest-Shamir-Adleman)
The RSA algorithm is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security services or purposes -- which enables public key encryption and is widely used to secure sensitive data, particularly when it...
-
Get Started
remote access
Remote access is the ability to access a computer or a network remotely through a network connection.
Multimedia
Vendor Resources
Blog: Security Bytes
-
Are US hacker indictments more than Justice Theater?
New hacker indictments and U.S.Treasury Department sanctions highlight the disconnect between government action and real world consequences for threat actors.Continue Reading
-
Breaking down Dell's "potential cybersecurity incident" announcement
Dell provided some information about a "potential cybersecurity incident" earlier this month, but it's unclear how the company and customers should be reacting.Continue Reading
-
More Security Bytes Posts
Will cybersecurity safety ever equal air travel safety?
Android Ecosystem Security Transparency Report is a wary first step
Google sets Android security updates rules but enforcement is unclear
-
News
View All -
Alternative operating system security
Facebook's Android app gathered call log data for years
New emails revealed that Facebook app permissions were carefully implemented to avoid alerting users to the fact that the Android app was gathering call log and SMS data.
-
Email and messaging threats
NRCC forced to admit email breach from April
A security company was brought in to investigate a National Republican Congressional Committee breach from April, but little is known about the NRCC email theft.
-
Malware, virus, Trojan and spyware protection and removal
Pegasus spyware linked to two journalist deaths
Soon after the Pegasus spyware was linked to the death of a Mexican journalist, a new lawsuit alleged the NSO Group and its spyware were also linked to the death of a Saudi journalist.