SearchSecurity
New & Notable
News
Risk & Repeat: Breaking down the Efail flaws
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Efail vulnerabilities in PGP and S/Mime protocols, as well as the rocky disclosure process for the flaws.
News
FBI sinkholes VPNFilter malware from APT28
New malware, dubbed 'VPNFilter' by Cisco Talos, infects 500,000 devices and triggers action from Justice Department, which seized and sinkholed the botnet's domain.
Manage
How Meltdown and Spectre threaten hardware security
The Meltdown and Spectre vulnerabilities impact the physical and hardware security of systems, making them extremely difficult to detect. Learn how to prevent these attacks with Nick Lewis.
News
Oh, what a 'Wicked' botnet we weave
Fortinet researchers uncovered a new variant of the Mirai malware, known as the Wicked botnet, which targets vulnerable IoT devices and uses multiple existing exploits.
Your Guide to Info Sec Certifications
We’ve collected 30+ certifications for you. Which vendor-neutral and vendor-specific security certifications are best for you? Save time by downloading our list organized by experience level.
Trending Topics
-
Emerging threats News
Xenotime hacking group threatens ICS security globally
News roundup: Dragos researchers say the group behind the Trisis malware has expanded its ICS attacks. Plus, Roaming Mantis malware now targets iOS devices, and more.
-
Windows security News
Windows 7 Meltdown patches introduce new flaw
A security researcher discovered the recent Windows Meltdown patches may fix the Intel flaws, but also introduced a more severe vulnerability in some versions of Windows.
-
PCI DSS Get Started
How the PCI SSC took on mobile point-of-sale systems
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.
-
Encryption technology News
Risk & Repeat: Ray Ozzie tackles going dark
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Ray Ozzie's solution for going dark, known as Clear, and what infosec experts are saying about it.
-
Security industry trends
Risk & Repeat: RSA Conference recap, part two
In this week's Risk & Repeat podcast, SearchSecurity editors discuss more trends and takeaways from RSA Conference 2018, from incident response services to AI and automation.
-
CISSP Evaluate
Creative ways to earn CISSP CPEs
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Meet all of our Information Security experts
-
Peter Loshin asks:
What steps has your organization taken to keep all network and internet of things devices safe from botnet recruitment?
Find Solutions For Your Project
-
Evaluate
Are Meltdown and Spectre vulnerabilities?
There's been some debate over whether Meltdown and Spectre are true vulnerabilities. Expert Michael Cobb discusses what qualifies as a vulnerability and if these two make the cut.
-
How to hire the security operations center services you need
-
A security operations center for hire? Something to consider
-
How biometric authentication can replace passwords
-
-
Problem Solve
How KRACK endangers encrypted connections
The KRACK vulnerability was found in the WPA2 protocol for wireless networks and it enables attackers to crack encrypted connections. Learn how it works from Nick Lewis.
-
How Bad Rabbit and NotPetya ransomware compare
-
How a new Wi-Fi protocol will better protect IoT devices
-
How the Android Pixel phone got hacked
-
-
Manage
How Meltdown and Spectre threaten hardware security
The Meltdown and Spectre vulnerabilities impact the physical and hardware security of systems, making them extremely difficult to detect. Learn how to prevent these attacks with Nick Lewis.
-
How destruction-of-service attacks affect enterprises
-
How a malvertising campaign can push malware
-
How can Locky ransomware spread through Word docs?
-
-
Buyer's Handbook | May 2018
A security operations center for hire? Something to consider
Download -
E-Handbook | May 2018
How to best secure DNS? There's more than one approach
Download -
E-Handbook | April 2018
Cyber-risk strategies and models for a post-perimeter age
Download -
E-Zine | April 2018
Cloud security threats in 2018: Get ahead of the storm
Download -
E-Handbook | March 2018
The time is ripe to implement cybersecurity automation
Download
Information Security Basics
-
Get Started
What an SOC framework should look like
One key support system for enterprises is security operations centers. Expert Ernie Hayden reviews the basic SOC framework and the purposes they can serve.
-
Get Started
How to best secure DNS? There's more than one approach
Few aspects of the internet are as crucial as the domain name system. It may be that a 'passive' approach to DNS security is the most effective approach.
-
Get Started
Learn how the DNS Security Extensions work
Securing the DNS protocol is no joke. Learn what the DNS Security Extensions are and the efforts the United States government is taking to push DNSSEC adoption.
Multimedia
Vendor Resources
Blog: Security Bytes
-
Google I/O's security and privacy focus missing on day one
It's fairly easy to find stories sparking security and privacy concerns regarding a Google product or service — Search, Chrome, Android, AdSense and more — but if you watched or attended Google ...Continue Reading
-
Cybersecurity pervasiveness subsumes all security concerns
Given the increased digitization of society and explosion of devices generating data (including retail, social media, search, mobile, and the internet of things), it seems like it might have been ...Continue Reading
-
More Security Bytes Posts
Algorithmic discrimination: A coming storm for security?
GDPR deadline: Keep calm and GDPR on
CrowdStrike unveils Meltdown exploit in unusual fashion
-
News
View All -
Emerging cyberattacks and threats
Xenotime hacking group threatens ICS security globally
News roundup: Dragos researchers say the group behind the Trisis malware has expanded its ICS attacks. Plus, Roaming Mantis malware now targets iOS devices, and more.
-
Emerging cyberattacks and threats
Dragos: Don't get carried away with ICS threats
Dragos' Robert Lee talks with SearchSecurity at RSA Conference 2018 about why there are reasons to be optimistic about the state of ICS security, despite growing threats.
-
Information security laws, investigations and ethics
FBI sinkholes VPNFilter malware from APT28
New malware, dubbed 'VPNFilter' by Cisco Talos, infects 500,000 devices and triggers action from Justice Department, which seized and sinkholed the botnet's domain.