New & Notable
Google Chrome sign-in changes are being criticized by experts, and poor communication from Google has led to more confusion about user privacy and consent.
Microsoft announced that, six months after its introduction, the Cybersecurity Tech Accord has nearly doubled its membership and partnered with the Global Forum on Cyber Expertise.
When considering a local government cybersecurity program, companies must understand the dangers of not having one. Matt Pascucci explains why a program designed to monitor the public sector is crucial.
Changes to the Sanny malware were recently discovered by FireEye researchers. Learn who is at risk and how elevated privileges can help protect you with Nick Lewis.
Emerging threats News
The idea of cold boot attacks began 10 years ago, but researchers at F-Secure found the attack can be used on modern computers to steal encryption keys and other data.
Windows security News
Security researcher SandboxEscaper released proof-of-concept code for a Windows 10 zero-day on Twitter, but Microsoft has no details for a potential patch.
PCI DSS Get Started
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.
Encryption technology Manage
As the prospect of quantum computing-based attacks grows, the need for stronger encryption increases. Expert Michael Cobb discusses lattice-based cryptography as an option.
In this week's Risk & Repeat podcast, SearchSecurity editors discuss whether or not Meltdown and Spectre deserved to be nominated for the Pwnie Awards' Most Overhyped Bug.
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.
Get answers from your peers on your most technical Information Security challenges.
Margaret Rouse asks:
What has your experience been with monitoring and filtering payloads of network packets in your organization?
Madelyn Bacon asks:
Do you agree that machine learning will help solve security problems? Why or why not?
Nick Lewis asks:
How are public SSH servers kept safe in your enterprise?
Find Solutions For Your Project
Diversity at cybersecurity conferences became a hot topic in early 2018. Innovation Women founder Bobbie Carlton discusses why it takes more work to get women in security on stage.
A buffer underflow was found to be caused by a vulnerability in strongSwan's open source VPN. Learn how this is possible and how attackers can exploit it with Judith Myerson.
A group of malware was discovered targeting public SSH servers. However, it avoided certain IP addresses. Discover how this is possible and how the malware works with Nick Lewis.
Information Security Basics
The term payload, when used in the context of networking or telecommunications, is the data carried inside of a packet (or other network protocol data units like frames or segments).
A technique called Process Doppelgänging was used by the SynAck ransomware to bypass security software. Expert Michael Cobb explains how this technique works and why it's unique.
Access control is a security technique that regulates who or what can view or use resources in a computing environment.
Blog: Security Bytes
The Government Accountability Office investigated the Equifax data breach, but the GAO's report leaves out several important points about the infamous incident.
The Vote Hacking Village at Defcon 26 in Las Vegas was an overwhelming jumble of activity -- a mock vote manipulated, children hacking election results websites, machines being disassembled -- and ...
Sections from across SearchSecurity
IoT security issues
A global Ponemon survey of security professionals found that many believe artificial intelligence and machine learning technology will improve enterprise and IoT security.
Government information security management
The new National Cyber Strategy released by the White House details plans for improving cybersecurity and garnered positive early reviews from experts for its comprehensiveness.
Information security laws, investigations and ethics
News roundup: The Mirai botnet creators will not serve time in prison after they worked with the FBI. Plus, the Department of Defense updated its cyber strategy, and more.
- advanced persistent threat (APT)
- whaling attack (whaling phishing)
- Certified Cloud Security Professional (CCSP)
- federated identity management