SearchSecurity
New & Notable
News
Exploits on Exim continue, unpatched versions remain
Though the Exim mail transfer agent vulnerability was publicly disclosed in June 2019, a significant number of unpatched versions remain online and are at risk of attacks.
Manage
4 IAM best practices for the enterprise
Now is the time to shore up the who, what and where of network identities. Adopt these four critical identity and access management best practices to bolster your infosec program.
Evaluate
The benefits of incident response automation
Automating incident response can benefit security both in the cloud and in traditional settings. Expert Dave Shackleford explains what it can be used for and how it helps.
News
VMware Cloud Director flaw jeopardizes VMs
A new vulnerability in VMware Cloud Director allowed any user to obtain control of any virtual machine on a public or private cloud, according to ethical hacking firm Citadelo.
Download: Your Complete Guide to IAM
Utilize this 66-page IAM guide to help you stay on top of the latest best practices and techniques. Security expert Michael Cobb explores the risks and rewards of biometrics measures and multifactor authentication, how organizations can assess if it is time to modernize IAM strategies, and much more.
Trending Topics
-
Emerging threats News
Ransomware attacks see 148% surge amid COVID-19
VMware Carbon Black saw a 148% increase in ransomware attacks in March over baseline levels in February, plus a massive spike in attacks on financial institutions.
-
Windows security News
Another critical flaw discovered in Microsoft's SMB protocol
Microsoft disclosed a new remote code execution vulnerability associated with the Microsoft Server Message Block 3.1.1 (SMBv3) protocol, but there's currently no patch available.
-
PCI DSS Evaluate
Explore the next-generation firewall marketplace
Explore some of the top NGFWs currently on the market -- based on features and user reviews -- to help you make a buying decision
-
Encryption technology Get Started
How symmetric and asymmetric encryption algorithms differ
Explore the differences between symmetric vs. asymmetric encryption algorithms, including common uses and examples of both, as well as their pros and cons.
-
Security industry trends News
Risk & Repeat: Can virtual infosec conferences succeed?
This week's Risk & Repeat podcast looks at the recent cancellations of Black Hat USA 2020 and DEF CON 28 and what their virtual replacements will try to accomplish.
-
CISSP Get Started
Passing the CISSP exam: How hard is it?
Want to become a CISSP? Here's everything you need to know, such as how difficult the exam is, tips for studying, what's needed to obtain a passing score and more.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Find Solutions For Your Project
-
Evaluate
The benefits of incident response automation
Automating incident response can benefit security both in the cloud and in traditional settings. Expert Dave Shackleford explains what it can be used for and how it helps.
-
Timeline for SASE adoption moved up to now
-
Guide to preventing coronavirus phishing and ransomware
-
Explore the top 3 benefits of smart cards
-
-
Problem Solve
How CISOs will address the post-pandemic 'normal'
CISO priorities for 2020 were upended when the COVID-19 pandemic hit. Learn two ways forward-thinking CISOs are planning to deal with the new normal.
-
The work-from-home, on-site cybersecurity balance
-
5 steps to effective ransomware network protection
-
Including ransomware in an enterprise incident response plan
-
-
Manage
IoT access control is critical to device, network security
Security technology is still playing catch-up with the new risks and attack vectors associated with IoT. Learn how to improve IoT access control and identity management here.
-
12 Microsoft 365 security best practices to secure the suite
-
How security testing could change after COVID-19
-
How to get actionable threat intelligence from tech tools
-
-
E-Handbook | May 2020
How to get actionable threat intelligence from tech tools
Download -
E-Zine | May 2020
Why CISOs need advanced network security strategies now
Download -
E-Handbook | April 2020
Employ AI for cybersecurity, reap strong defenses faster
Download -
E-Handbook | March 2020
How to implement a strong COVID-19 cybersecurity plan
Download -
E-Handbook | February 2020
Advanced cybersecurity fraud and how to fight it
Download
Information Security Basics
-
Get Started
integrated risk management (IRM)
Integrated risk management (IRM) is an approach to risk management that uses a set of practices and processes to improve an organization's security, risk tolerance profile and strategic decision-making.
-
Get Started
Test your cyber-smarts with this network security quiz
Show what you know about the topics covered in the May 2020 issue of Information Security magazine. If you get nine of 10 answers right, you'll also receive CPE credit!
-
Get Started
How to use the (free) Spring Security architecture
Like any framework, Spring Security requires writing less code to implement the desired functionality. Learn how to implement the Spring Security architecture in this book excerpt.
Multimedia
Vendor Resources
- Web Application Vulnerability Report 2020 –White Paper
- 2020 SonicWall Cyber Threat Report –White Paper
- Analyst Report of Bot Management Providers, Q1 2020 –Analyst Report
Blog: Security Bytes
-
Google focuses more on steering the Android ship than righting it
Google's security and privacy upgrades to Android are mostly forward-thinking changes, readying for a future that is inevitable but unclear, rather than ways to improve security today.Continue Reading
-
At RSAC 2019, speculative execution threats take a back seat
The Meltdown and Spectre vulnerabilities loomed large last year, but RSAC 2019 will have little fodder on speculative execution threats and side channels attacks.Continue Reading
-
More Security Bytes Posts
Marriott Starwood data breach notification de-values customers
Are US hacker indictments more than Justice Theater?
Breaking down Dell's "potential cybersecurity incident" announcement
-
News
View All -
Virtualization security issues and threats
VMware Cloud Director flaw jeopardizes VMs
A new vulnerability in VMware Cloud Director allowed any user to obtain control of any virtual machine on a public or private cloud, according to ethical hacking firm Citadelo.
-
Data security breaches
Cisco servers breached through SaltStack vulnerabilities
Threat actors exploited critical SaltStack flaws, which were disclosed and patched last month, in a Cisco product to breach several of the networking company's salt-master servers.
-
Open source security tools and software
GitHub discovered backdoors in 26 open source projects
Threat actors conducted an unprecedented supply chain attack by using malware known as Octopus Scanner to create backdoors in open source projects, which were uploaded to GitHub.