SearchSecurity
New & Notable
Burned by Apple, researchers mull selling zero days to brokers
Security researchers have grown frustrated with Apple's lack of communication, ‘silent patching’ of vulnerabilities, denial of bug bounty rewards and other issues.
News
Google digs into Iran's APT35 hacking group
Covert phishing tactics and cleverly disguised notifications are among the calling cards of the increasingly sophisticated operation aimed at Iran's opponents.
News
Enterprises ask Washington to step up cyber collaboration
During CISA's National Cybersecurity Summit, critical infrastructure companies said they need better information on cyberthreats from the federal government.
What is attack surface management and why is it necessary?
Attack surface management approaches security from the attacker's perspective. Discover how ASM can help better secure your organization's sprawling assets and resources.
Trending Topics
-
Emerging threats
Best practices to detect and mitigate deepfake attacks
Deepfake technology enables fraudsters to distort reality and commit financial crimes. Learn how the technology works and best practices to mitigate deepfake attacks.
-
Windows security News
Microsoft releases emergency Exchange Server mitigation tool
Microsoft turned its attention to organizations that are slower to patch by releasing an emergency mitigation tool as a temporary fix against current threats.
-
PCI DSS Evaluate
Explore the next-generation firewall marketplace
Explore some of the top NGFWs currently on the market -- based on features and user reviews -- to help you make a buying decision
-
Encryption technology News
Hackers build a better timing attack to crack encryption keys
A new technique for cracking encryption keys can overcome the limitations of popular timing attacks by analyzing network packets, according to researchers at Black Hat 2021.
-
Security industry trends Evaluate
Experts debate XDR market maturity and outlook
Is extended detection response still all buzz and no bite? Experts disagree on whether XDR qualifies as a legitimate market yet or still has a ways to go.
-
CISSP Get Started
Take this CISSP practice test before the final exam
Test your knowledge and preparedness for the CISSP exam with 16 questions taken directly from the latest 'CISSP All-in-One Exam Guide' from McGraw Hill.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Find Solutions For Your Project
-
Evaluate
The complete guide to ransomware
Organizations in every industry can be targets of cybercrime for profit. Get expert advice on ransomware prevention, detection and recovery in our comprehensive guide.
-
How to evaluate and deploy an XDR platform
-
Top 10 ransomware targets in 2021 and beyond
-
Experts debate XDR market maturity and outlook
-
-
Problem Solve
6 reasons unpatched software persists in the enterprise
Patching is like flossing -- everyone knows they should do it, yet too few do it often and well. Explore why unpatched software is still ubiquitous, despite the risks.
-
How to create a ransomware incident response plan
-
How to prevent ransomware: 6 key steps to safeguard assets
-
How to remove ransomware, step by step
-
-
Manage
5 open source offensive security tools for red teaming
To be an effective red teamer, you need the right tools in your arsenal. These are five of the open source offensive security tools worth learning.
-
5 principles for AppSec program maturity
-
Certified Information Security Manager (CISM)
-
ID management
-
-
E-Handbook | July 2021
Mitigating risk-based vulnerability management challenges
Download -
E-Handbook | June 2021
Security observability tools step up threat detection, response
Download -
E-Handbook | February 2021
Threat detection and response demands proactive stance
Download -
E-Handbook | January 2021
SolarWinds supply chain attack explained: Need-to-know info
Download -
E-Handbook | November 2020
Cyber insurance 101: Timely guidance on an essential tool
Download
Information Security Basics
-
Get Started
risk analysis
Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects.
-
Get Started
cybersecurity insurance
Cybersecurity insurance, also called cyber liability insurance or cyber insurance, is a contract that an entity can purchase to help reduce the financial risks associated with doing business online.
-
Get Started
What is integrated risk management (IRM)?
Integrated risk management (IRM) is a set of coordinated business practices and supporting software tools that contribute to an organization's ability to understand and manage risk holistically across all departments and third-party dependencies.
Multimedia
Blog: Security Bytes
-
Google focuses more on steering the Android ship than righting it
Google's security and privacy upgrades to Android are mostly forward-thinking changes, readying for a future that is inevitable but unclear, rather than ways to improve security today.Continue Reading
-
At RSAC 2019, speculative execution threats take a back seat
The Meltdown and Spectre vulnerabilities loomed large last year, but RSAC 2019 will have little fodder on speculative execution threats and side channels attacks.Continue Reading
-
More Security Bytes Posts
Marriott Starwood data breach notification de-values customers
Are US hacker indictments more than Justice Theater?
Breaking down Dell's "potential cybersecurity incident" announcement
-
News
View All -
Information security incident response
Accenture sheds more light on August data breach
The IT services giant disclosed in an SEC filing that threat actors stolen and leaked proprietary data during a LockBit ransomware attack earlier this year.
-
Penetration testing, ethical hacking and vulnerability assessments
Burned by Apple, researchers mull selling zero days to brokers
Security researchers have grown frustrated with Apple's lack of communication, ‘silent patching’ of vulnerabilities, denial of bug bounty rewards and other issues.
-
Data security breaches
Google digs into Iran's APT35 hacking group
Covert phishing tactics and cleverly disguised notifications are among the calling cards of the increasingly sophisticated operation aimed at Iran's opponents.
SearchSecurity Definitions
- What is risk analysis?
- What is cybersecurity insurance (cybersecurity liability insurance)?
- What is integrated risk management (IRM)?
- CISO as a service (vCISO, virtual CISO, fractional CISO)
- cryptographic nonce
- decompression bomb (zip bomb, zip of death attack)
- SSL VPN (Secure Sockets Layer virtual private network)
- next-generation firewall (NGFW)