SearchSecurity
New & Notable
News
Stuxnet vulnerability left unfixed 10 years later
A decade after Stuxnet, SafeBreach Labs researchers discovered new zero-day vulnerabilities connected to the threat, which they unveiled at Black Hat USA 2020.
News
Not just politics: Disinformation campaigns hit enterprises, too
In her Black Hat USA 2020 keynote, Renée DiResta of the Stanford Internet Observatory explains how nation-state hackers have launched 'reputational attacks' against enterprises.
News
Voting vendor ES&S unveils vulnerability disclosure program
Election Systems & Software, the biggest vendor of U.S. voting equipment, will allow the security researcher community to test its elections equipment for vulnerabilities.
News
CISA chief: Ransomware could threaten election security
During a Black Hat USA 2020 session, CISA Chief Christopher Krebs said ransomware attacks on city, state and local governments are a major concern for election security.
Download: Your Complete Guide to IAM
Utilize this 66-page IAM guide to help you stay on top of the latest best practices and techniques. Security expert Michael Cobb explores the risks and rewards of biometrics measures and multifactor authentication, how organizations can assess if it is time to modernize IAM strategies, and much more.
Trending Topics
-
Emerging threats News
Eclypsium reveals 'BootHole' bypass for Secure Boot
Hardware security vendor Eclypsium discovered a bootloader vulnerability that bypasses Secure Boot protection and affects a majority of modern Linux and Windows systems.
-
Windows security News
'SigRed' alert: Experts urge action on Windows DNS vulnerability
Experts are urging organizations to take immediate action on SigRed, a 17-year-old Windows DNS server vulnerability discovered by Check Point Research and patched by Microsoft.
-
PCI DSS Evaluate
Explore the next-generation firewall marketplace
Explore some of the top NGFWs currently on the market -- based on features and user reviews -- to help you make a buying decision
-
Encryption technology Get Started
How symmetric and asymmetric encryption algorithms differ
Explore the differences between symmetric vs. asymmetric encryption algorithms, including common uses and examples of both, as well as their pros and cons.
-
Security industry trends News
Risk & Repeat: Can virtual infosec conferences succeed?
This week's Risk & Repeat podcast looks at the recent cancellations of Black Hat USA 2020 and DEF CON 28 and what their virtual replacements will try to accomplish.
-
CISSP Get Started
Passing the CISSP exam: How hard is it?
Want to become a CISSP? Here's everything you need to know, such as how difficult the exam is, tips for studying, what's needed to obtain a passing score and more.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Find Solutions For Your Project
-
Evaluate
7 security awareness statistics to keep you up at night
As if protecting corporate systems and data wasn't hard enough, beware of another potential foe: those well-meaning but woefully uninformed staff members.
-
The case for cybersecurity by design in application software
-
Importance of cybersecurity awareness never greater
-
Putting MFA in context: Pros and cons of biometrics
-
-
Problem Solve
Security risks highlight need for shadow IT policy
Security risks have increased during the pandemic as remote workers try to get things done. Find out how CISOs can better manage by creating a shadow IT policy.
-
Security pros explain how to prevent cyber attacks
-
Understanding and blocking HTTP request smuggling
-
Explore 6 types of authentication and their security issues
-
-
Manage
Avoid cybersecurity oversights with a fresh perspective
It pays to expect the unexpected in information security. In this webinar, learn how starting with a blank slate helps identify and mitigate common cybersecurity problems.
-
10 tips for cybersecurity awareness programs in uncertain times
-
How to transition seamlessly from DevOps to DevSecOps
-
Develop internal cybersecurity talent to build your dream team
-
-
E-Zine | August 2020
Cybersecurity education for employees: Learn what works
Download -
E-Handbook | May 2020
How to get actionable threat intelligence from tech tools
Download -
E-Zine | May 2020
Why CISOs need advanced network security strategies now
Download -
E-Handbook | April 2020
Employ AI for cybersecurity, reap strong defenses faster
Download -
E-Handbook | March 2020
How to implement a strong COVID-19 cybersecurity plan
Download
Information Security Basics
-
Get Started
PCI DSS 12 requirements
PCI DSS 12 requirements is a set of security controls that businesses are required to implement to protect credit card data and comply with the Payment Card Industry Data Security Standard (PCI DSS).
-
Get Started
How to send sensitive data in an email attachment
Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently, negating security benefits.
-
Get Started
Test your cybersecurity knowledge with this quick ISM quiz
Read our August 2020 e-zine, and then take this short quiz to test your knowledge of cybersecurity awareness training and other issues -- from types of CISOs to talent recruitment.
Multimedia
Vendor Resources
Blog: Security Bytes
-
Google focuses more on steering the Android ship than righting it
Google's security and privacy upgrades to Android are mostly forward-thinking changes, readying for a future that is inevitable but unclear, rather than ways to improve security today.Continue Reading
-
At RSAC 2019, speculative execution threats take a back seat
The Meltdown and Spectre vulnerabilities loomed large last year, but RSAC 2019 will have little fodder on speculative execution threats and side channels attacks.Continue Reading
-
More Security Bytes Posts
Marriott Starwood data breach notification de-values customers
Are US hacker indictments more than Justice Theater?
Breaking down Dell's "potential cybersecurity incident" announcement
-
News
View All -
Microsoft Patch Tuesday and patch management
Stuxnet vulnerability left unfixed 10 years later
A decade after Stuxnet, SafeBreach Labs researchers discovered new zero-day vulnerabilities connected to the threat, which they unveiled at Black Hat USA 2020.
-
Social media security risks
Not just politics: Disinformation campaigns hit enterprises, too
In her Black Hat USA 2020 keynote, Renée DiResta of the Stanford Internet Observatory explains how nation-state hackers have launched 'reputational attacks' against enterprises.
-
Penetration testing, ethical hacking and vulnerability assessments
Voting vendor ES&S unveils vulnerability disclosure program
Election Systems & Software, the biggest vendor of U.S. voting equipment, will allow the security researcher community to test its elections equipment for vulnerabilities.