SearchSecurity
New & Notable
Manage
Bluetooth implementations affected by new vulnerability
Bluetooth devices might be at risk after a new Bluetooth vulnerability was found targeting firmware and operating system software drivers. Learn how it works and can be mitigated.
News
Firefox Monitor to alert users when visiting a breached site
The promised integration with Have I Been Pwned is expanding in Firefox Monitor with new breach alerts when a user visits a recently compromised website.
News
BlackBerry acquires Cylance for $1.4 billion
BlackBerry made its strongest move yet toward enterprise security with a $1.4 billion acquisition of cybersecurity startup Cylance, which specializes in AI-powered threat protection.
News
Risk & Repeat: Are we winning the war on cybercrime?
On this week's Risk & Repeat podcast, Chet Wisniewski of Sophos discusses his company's latest research and explains why there's reason for optimism in the war on cybercrime.
Instant Download: Free Guide to Password Security
Including insights from security pros Michael Cobb, Jeremy Bergsman and Nick Lewis, gain expert advice on how to improve your password policies to keep your enterprise safe. Explore machine learning-powered techniques, how to approach mobile password management, and more.
Trending Topics
-
Emerging threats News
Risk & Repeat: Targeted ransomware attacks increasing
On this week's Risk & Repeat podcast, Chet Wisniewski of Sophos discusses his company's latest research and explains why there's reason for optimism in the war on cybercrime.
-
Windows security Manage
Microsoft vulnerability too difficult to detect
The Qihoo 360 Core Security team found a Microsoft vulnerability -- named Double Kill -- that affects applications via Office documents. Learn how this is possible with Nick Lewis.
-
PCI DSS Get Started
How the PCI SSC took on mobile point-of-sale systems
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.
-
Encryption technology News
Microsoft BitLocker misplaces trust in SSDs for encryption
Researchers discover major manufacturers poorly implemented SSD encryption, allowing easy access to data, and Microsoft BitLocker made the issue worse.
-
Security industry trends Manage
Report: More security professionals cross to dark side
Close to 40% of security professionals either know, or have known, a legitimate security practitioner who has participated at some point in black hat activities.
-
CISSP Evaluate
Creative ways to earn CISSP CPEs
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Meet all of our Information Security experts
-
Johna Till Johnson asks:
What are your major concerns regarding a switch to a zero-trust approach to security?
Find Solutions For Your Project
-
Evaluate
How to get to zero trust, even if it's all new to you
Implementing a security policy that, essentially, trusts no one and nothing doesn't have to be overwhelming if you understand the basics behind the security model.
-
How Plead malware is used for cyberespionage attacks
-
Deception tech tools lure in, expose attackers
-
How app wrappers, containers aid mobile security strategies
-
-
Problem Solve
Bluetooth implementations affected by new vulnerability
Bluetooth devices might be at risk after a new Bluetooth vulnerability was found targeting firmware and operating system software drivers. Learn how it works and can be mitigated.
-
How macOS malware bypassed signature checks
-
OSX.Dummy uses chat to attack cryptocurrency investors
-
Strengthening the application security vetting process
-
-
Manage
Container security concerns and best practices
Container security continues to be a pressing issue as containers and hosts are being used more frequently. Learn how to keep your enterprise safe with Matt Pascucci.
-
How Cisco Talos created a Thanatos ransomware decryptor
-
How to avoid web cache poisoning
-
How a phishing campaign targeted Trezor wallets
-
-
E-Handbook | October 2018
SIEM tools, future tech and how to prepare for what's ahead
Download -
E-Zine | October 2018
User behavior analytics tackles cloud, hybrid environments
Download -
E-Handbook | September 2018
Security access controls over identities must be priority
Download -
Buyer's Handbook | August 2018
How to find the best privileged identity management tool
Download -
E-Zine | August 2018
Security data scientists on how to make your data useful
Download
Information Security Basics
-
Get Started
challenge-response authentication
In information security, challenge-response authentication is a type of authentication protocol where one entity presents a challenge or question, and another entity provides a valid response to be authenticated.
-
Get Started
Following NIST guidelines for better incident response
The NIST incident response plan involves four phases enterprises can take to improve security incident handling. Expert Mike O. Villegas reviews each step.
-
Get Started
Secure Shell (SSH)
SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
Multimedia
Vendor Resources
- The Total Economic Impact™ of The Armor Complete and Armor Anywhere Solutions –Research Content
- How 1 University Keeps Their Petabytes of Data Safe –Case Study
- Armor File Integrity Monitoring (FIM) –Resource
Blog: Security Bytes
-
Android Ecosystem Security Transparency Report is a wary first step
Reading through Google's first quarterly Android Ecosystem Security Transparency Report feels like a mix of missed opportunities and déjà vu all over again. Much of what is in the new Android ...Continue Reading
-
Google sets Android security updates rules but enforcement is unclear
The vendor requirements for Android are a strange and mysterious thing but a new leak claims Google has added language to force manufacturers to push more regular Android security updates. ...Continue Reading
-
More Security Bytes Posts
Mystery around Trend Micro apps still lingers one month later
FBI, DHS blaming the victims on Remote Desktop Protocol
What the GAO Report missed about the Equifax data breach
-
News
View All -
Data security breaches
Recorded Future names 'Tessa88' threat actor
Researchers at Recorded Future identified the individual behind the notorious "Tessa88" hacker handle, but it's unclear what role he played in the LinkedIn and MySpace breaches.
-
Data security technology and strategy
Amazon tries again to prevent public S3 buckets
Amazon unveils new settings to help users avoid S3 data leaks, but UpGuard's Chris Vickery, who uncovered most AWS exposures, is doubtful the changes will end the problem.
-
Web application and API security best practices
Firefox Monitor to alert users when visiting a breached site
The promised integration with Have I Been Pwned is expanding in Firefox Monitor with new breach alerts when a user visits a recently compromised website.