SearchSecurity
New & Notable
Chris Krebs weighs in on zero trust, FBI web shell removal
Regarding the FBI action to silently remove web shells from vulnerable Exchange Servers, former CISA director Chris Krebs said he expects to see the action again if appropriate.
Gartner analysts debate ransomware payments
During Gartner's IT Symposium, analysts discussed the complex factors companies face when deciding whether or not to give into ransom demands.
5 questions to ask when creating a ransomware recovery plan
These 'five W's of ransomware' will help organizations ask the right questions when creating a ransomware-specific disaster recovery plan.
'LightBasin' hackers spent 5 years hiding on telco networks
A state-sponsored hacking group has been moving undetected on the networks of more than a dozen telecommunications providers, observing traffic and collecting data for years.
Trending Topics
-
Emerging threats
Best practices to detect and mitigate deepfake attacks
Deepfake technology enables fraudsters to distort reality and commit financial crimes. Learn how the technology works and best practices to mitigate deepfake attacks.
-
Windows security News
Microsoft releases emergency Exchange Server mitigation tool
Microsoft turned its attention to organizations that are slower to patch by releasing an emergency mitigation tool as a temporary fix against current threats.
-
PCI DSS Evaluate
Explore the next-generation firewall marketplace
Explore some of the top NGFWs currently on the market -- based on features and user reviews -- to help you make a buying decision
-
Encryption technology News
Hackers build a better timing attack to crack encryption keys
A new technique for cracking encryption keys can overcome the limitations of popular timing attacks by analyzing network packets, according to researchers at Black Hat 2021.
-
Security industry trends Evaluate
Experts debate XDR market maturity and outlook
Is extended detection response still all buzz and no bite? Experts disagree on whether XDR qualifies as a legitimate market yet or still has a ways to go.
-
CISSP Get Started
Take this CISSP practice test before the final exam
Test your knowledge and preparedness for the CISSP exam with 16 questions taken directly from the latest 'CISSP All-in-One Exam Guide' from McGraw Hill.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Find Solutions For Your Project
-
Evaluate
The complete guide to ransomware
Organizations in every industry can be targets of cybercrime for profit. Get expert advice on ransomware prevention, detection and recovery in our comprehensive guide.
-
How to evaluate and deploy an XDR platform
-
Top 10 ransomware targets in 2021 and beyond
-
Experts debate XDR market maturity and outlook
-
-
Problem Solve
6 reasons unpatched software persists in the enterprise
Patching is like flossing -- everyone knows they should do it, yet too few do it often and well. Explore why unpatched software is still ubiquitous, despite the risks.
-
How to create a ransomware incident response plan
-
How to prevent ransomware: 6 key steps to safeguard assets
-
How to remove ransomware, step by step
-
-
Manage
5 open source offensive security tools for red teaming
To be an effective red teamer, you need the right tools in your arsenal. These are five of the open source offensive security tools worth learning.
-
5 principles for AppSec program maturity
-
Certified Information Security Manager (CISM)
-
ID management
-
-
E-Handbook | July 2021
Mitigating risk-based vulnerability management challenges
Download -
E-Handbook | June 2021
Security observability tools step up threat detection, response
Download -
E-Handbook | February 2021
Threat detection and response demands proactive stance
Download -
E-Handbook | January 2021
SolarWinds supply chain attack explained: Need-to-know info
Download -
E-Handbook | November 2020
Cyber insurance 101: Timely guidance on an essential tool
Download
Information Security Basics
-
Get Started
script kiddie
Script kiddie is a derogative term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of internet security weaknesses.
-
Get Started
cipher
In cryptography, a cipher is an algorithm for encrypting and decrypting data.
-
Get Started
risk analysis
Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects.
Multimedia
Blog: Security Bytes
-
Google focuses more on steering the Android ship than righting it
Google's security and privacy upgrades to Android are mostly forward-thinking changes, readying for a future that is inevitable but unclear, rather than ways to improve security today.Continue Reading
-
At RSAC 2019, speculative execution threats take a back seat
The Meltdown and Spectre vulnerabilities loomed large last year, but RSAC 2019 will have little fodder on speculative execution threats and side channels attacks.Continue Reading
-
More Security Bytes Posts
Marriott Starwood data breach notification de-values customers
Are US hacker indictments more than Justice Theater?
Breaking down Dell's "potential cybersecurity incident" announcement
-
News
View All -
Government information security management
Chris Krebs weighs in on zero trust, FBI web shell removal
Regarding the FBI action to silently remove web shells from vulnerable Exchange Servers, former CISA director Chris Krebs said he expects to see the action again if appropriate.
-
Information security policies, procedures and guidelines
Gartner analysts debate ransomware payments
During Gartner's IT Symposium, analysts discussed the complex factors companies face when deciding whether or not to give into ransom demands.
-
IPv6 security and network protocols security
'LightBasin' hackers spent 5 years hiding on telco networks
A state-sponsored hacking group has been moving undetected on the networks of more than a dozen telecommunications providers, observing traffic and collecting data for years.
SearchSecurity Definitions
- script kiddie
- cipher
- What is risk analysis?
- What is cybersecurity insurance (cybersecurity liability insurance)?
- What is integrated risk management (IRM)?
- CISO as a service (vCISO, virtual CISO, fractional CISO)
- cryptographic nonce
- decompression bomb (zip bomb, zip of death attack)