SearchSecurity
New & Notable
News
Risk & Repeat: Are we winning the war on cybercrime?
On this week's Risk & Repeat podcast, Chet Wisniewski of Sophos discusses his company's latest research and explains why there's reason for optimism in the war on cybercrime.
News
Google traffic routed through China after BGP accident
Despite early speculation, experts concluded the BGP route leak that sent Google traffic through China and Russia was due to an accidental misconfiguration and not malicious activity.
News
Agency passwords remain the same years after OPM breach
News roundup: Three years after the OPM data breach, the agency still hasn't implemented basic security. Plus, seven new Meltdown, Spectre attacks were uncovered, and more.
Manage
How Cisco Talos created a Thanatos ransomware decryptor
Cisco Talos' Thanatos ransomware decryptor can recover files affected by new ransomware that won't decrypt ransomed files even when a ransom has been paid.
Instant Download: Free Guide to Password Security
Including insights from security pros Michael Cobb, Jeremy Bergsman and Nick Lewis, gain expert advice on how to improve your password policies to keep your enterprise safe. Explore machine learning-powered techniques, how to approach mobile password management, and more.
Trending Topics
-
Emerging threats News
Risk & Repeat: Targeted ransomware attacks increasing
On this week's Risk & Repeat podcast, Chet Wisniewski of Sophos discusses his company's latest research and explains why there's reason for optimism in the war on cybercrime.
-
Windows security Manage
Microsoft vulnerability too difficult to detect
The Qihoo 360 Core Security team found a Microsoft vulnerability -- named Double Kill -- that affects applications via Office documents. Learn how this is possible with Nick Lewis.
-
PCI DSS Get Started
How the PCI SSC took on mobile point-of-sale systems
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.
-
Encryption technology News
Microsoft BitLocker misplaces trust in SSDs for encryption
Researchers discover major manufacturers poorly implemented SSD encryption, allowing easy access to data, and Microsoft BitLocker made the issue worse.
-
Security industry trends Manage
Report: More security professionals cross to dark side
Close to 40% of security professionals either know, or have known, a legitimate security practitioner who has participated at some point in black hat activities.
-
CISSP Evaluate
Creative ways to earn CISSP CPEs
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Meet all of our Information Security experts
-
Rob Wright asks:
Will Cylance's threat protection technology mesh with BlackBerry's Spark platform? Why or why not?
-
Michael Heller asks:
What do you think about the early speculation assuming this was a malicious attack?
Find Solutions For Your Project
-
Evaluate
How Plead malware is used for cyberespionage attacks
Cyberespionage hackers have used stolen digital certificates to steal data. Expert Michael Cobb explains how hackers sign Plead malware to conduct these attacks.
-
Deception tech tools lure in, expose attackers
-
How TLS certificates were used to phish Netflix users
-
SIEM tools, future tech and how to prepare for what's ahead
-
-
Problem Solve
How macOS malware bypassed signature checks
Okta researchers found a bypass that allows macOS malware to pose as signed Apple files. Discover how this is possible and how to mitigate this attack.
-
OSX.Dummy uses chat to attack cryptocurrency investors
-
Strengthening the application security vetting process
-
U2F security keys: Google's solution for phishing
-
-
Manage
How Cisco Talos created a Thanatos ransomware decryptor
Cisco Talos' Thanatos ransomware decryptor can recover files affected by new ransomware that won't decrypt ransomed files even when a ransom has been paid.
-
How to avoid web cache poisoning
-
How a phishing campaign targeted Trezor wallets
-
How a new type of botnet is changing botnet attacks
-
-
E-Handbook | October 2018
SIEM tools, future tech and how to prepare for what's ahead
Download -
E-Zine | October 2018
User behavior analytics tackles cloud, hybrid environments
Download -
E-Handbook | September 2018
Security access controls over identities must be priority
Download -
Buyer's Handbook | August 2018
How to find the best privileged identity management tool
Download -
E-Zine | August 2018
Security data scientists on how to make your data useful
Download
Information Security Basics
-
Get Started
challenge-response authentication
In information security, challenge-response authentication is a type of authentication protocol where one entity presents a challenge or question, and another entity provides a valid response to be authenticated.
-
Get Started
Following NIST guidelines for better incident response
The NIST incident response plan involves four phases enterprises can take to improve security incident handling. Expert Mike O. Villegas reviews each step.
-
Get Started
Secure Shell (SSH)
SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
Multimedia
Vendor Resources
- Farewell to Audit Season: Continuous Compliance –White Paper
- Remove the Guesswork from Securing your Business –White Paper
- A Guide to Protecting Microsoft Office 365 from Security Threats –White Paper
Blog: Security Bytes
-
Android Ecosystem Security Transparency Report is a wary first step
Reading through Google's first quarterly Android Ecosystem Security Transparency Report feels like a mix of missed opportunities and déjà vu all over again. Much of what is in the new Android ...Continue Reading
-
Google sets Android security updates rules but enforcement is unclear
The vendor requirements for Android are a strange and mysterious thing but a new leak claims Google has added language to force manufacturers to push more regular Android security updates. ...Continue Reading
-
More Security Bytes Posts
Mystery around Trend Micro apps still lingers one month later
FBI, DHS blaming the victims on Remote Desktop Protocol
What the GAO Report missed about the Equifax data breach
-
News
View All -
Web application and API security best practices
Firefox Monitor to alert users when visiting a breached site
The promised integration with Have I Been Pwned is expanding in Firefox Monitor with new breach alerts when a user visits a recently compromised website.
-
Malware, virus, Trojan and spyware protection and removal
BlackBerry acquires Cylance for $1.4 billion
BlackBerry made its strongest move yet toward enterprise security with a $1.4 billion acquisition of cybersecurity startup Cylance, which specializes in AI-powered threat protection.
-
Cyberespionage and nation-state cyberattacks
Google traffic routed through China after BGP accident
Despite early speculation, experts concluded the BGP route leak that sent Google traffic through China and Russia was due to an accidental misconfiguration and not malicious activity.