SearchSecurity
New & Notable
News
Risk & Repeat: Expired certificates loom amid government shutdown
This week's Risk & Repeat podcast looks at the expiration of more than 80 TLS certificates for U.S. government websites amid the ongoing government shutdown.
Manage
Supporting TLS 1.3 means adding enough key entropy
Cryptographic entropy is necessary to secure session encryption keys in TLS 1.2, but RSA key transport is not supported in TLS 1.3. Discover the causes for concern with Judith Myerson.
Manage
How BGPsec is involved with internet traffic control
The use of BGPsec protocols was found after looking into threat actors in China that controlled U.S. internet traffic. Discover how this technique works and how it can be mitigated.
Evaluate
A look at the security of cloud databases
Unsecured Google Firebase databases are similar to misconfigured AWS S3 buckets, but there are key differences. Expert Rob Shapland discusses the risks of unsecured cloud databases.
Instant Download: Free Guide to Password Security
Including insights from security pros Michael Cobb, Jeremy Bergsman and Nick Lewis, gain expert advice on how to improve your password policies to keep your enterprise safe. Explore machine learning-powered techniques, how to approach mobile password management, and more.
Trending Topics
-
Emerging threats News
Global DNS hijacking attacks attributed to Iran
FireEye researchers investigating a DNS hijacking campaign against governments and telecom companies said those who are potential targets of Iran should take precautions.
-
Windows security Manage
Microsoft vulnerability too difficult to detect
The Qihoo 360 Core Security team found a Microsoft vulnerability -- named Double Kill -- that affects applications via Office documents. Learn how this is possible with Nick Lewis.
-
PCI DSS Get Started
How the PCI SSC took on mobile point-of-sale systems
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.
-
Encryption technology News
Microsoft BitLocker misplaces trust in SSDs for encryption
Researchers discover major manufacturers poorly implemented SSD encryption, allowing easy access to data, and Microsoft BitLocker made the issue worse.
-
Security industry trends News
RSAC keynote lineup reflects diversity push
RSA Conference 2019's diversity and inclusion initiative appears to be paying off, as the initial keynote speaker lineup has equal representation for men and women speakers.
-
CISSP Evaluate
Creative ways to earn CISSP CPEs
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Meet all of our Information Security experts
Find Solutions For Your Project
-
Evaluate
How to evaluate and integrate CIAM security products
Evaluating customer identity access management products is complicated but necessary. Learn what’s new and what you need most right now.
-
Learn the core ways customer IAM is different
-
How quantum computing affects cryptographic algorithms
-
A guide to SIEM platforms, benefits and features
-
-
Problem Solve
How good backups aid SamSam ransomware recovery
Sophos researchers believe the SamSam ransomware campaign could be the work of one or a few threat actors using manual techniques. Learn how it works and if recovery is possible.
-
Learn how to guard hardware with enterprise protections
-
How users can protect themselves against Brrr ransomware
-
U.S. must do more to curb election interference threats
-
-
Manage
How BGPsec is involved with internet traffic control
The use of BGPsec protocols was found after looking into threat actors in China that controlled U.S. internet traffic. Discover how this technique works and how it can be mitigated.
-
Supporting TLS 1.3 means adding enough key entropy
-
Malicious JavaScript code used to steal credit card data
-
How a vulnerability was found in a My Cloud NAS device
-
-
E-Handbook | January 2019
Customer identity and access management: Why now and how?
Download -
E-Handbook | December 2018
Can deception security tactics turn the tables on attackers?
Download -
E-Zine | December 2018
Allure of the threat hunter draws companies large and small
Download -
E-Handbook | October 2018
SIEM tools, future tech and how to prepare for what's ahead
Download -
E-Zine | October 2018
User behavior analytics tackles cloud, hybrid environments
Download
Information Security Basics
-
Get Started
Customer identity and access management: Why now and how?
There's an important distinction between consumers and customers; just as crucial is understanding the difference between customer IAM and traditional IAM.
-
Get Started
brute force attack
Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than ...
-
Get Started
spyware
Spyware is software that is installed on a computing device without the user's knowledge. Spyware can be difficult to detect; often, the first indication a user has that a computing device has been infected with spyware is a noticeable reduction in ...
Multimedia
Vendor Resources
Blog: Security Bytes
-
Marriott Starwood data breach notification de-values customers
The Marriott Starwood data breach exposed half a billion customers' data, but the hospitality giant seems to have learned from recent megabreaches that the standard response to a breach can be the ...Continue Reading
-
Are US hacker indictments more than Justice Theater?
New hacker indictments and U.S.Treasury Department sanctions highlight the disconnect between government action and real world consequences for threat actors.Continue Reading
-
More Security Bytes Posts
Breaking down Dell's "potential cybersecurity incident" announcement
Will cybersecurity safety ever equal air travel safety?
Android Ecosystem Security Transparency Report is a wary first step
-
News
View All -
Security automation systems, tools and tactics
Why enterprises need a game plan for automating security
Security experts sound off on the importance and benefits of automating security, and highlight factors to be considered before implementing SOAR tools.
-
Malware, virus, Trojan and spyware protection and removal
Ryuk has earned $3.7 million in ransomware payments
Cybersecurity vendors CrowdStrike and FireEye both published new research that shows an increase in Ryuk ransomware attacks on enterprises, which have earned hackers $3.7 million.
-
Emerging cyberattacks and threats
Global DNS hijacking attacks attributed to Iran
FireEye researchers investigating a DNS hijacking campaign against governments and telecom companies said those who are potential targets of Iran should take precautions.