Manage

Manage

Learn to apply best practices and optimize your operations.

• How does a Bluetooth vulnerability enable validation attacks?

  Bluetooth devices might be at risk after a new Bluetooth vulnerability was found targeting firmware and operating system software drivers. Learn how it works and can be mitigated. Continue Reading

• How does Thanatos ransomware decryptor tool restore data?

  Cisco Talos' Thanatos ransomware decryptor can recover files affected by new ransomware that won't decrypt ransomed files even when a ransom has been paid. Continue Reading

• How to configure browsers to avoid web cache poisoning

  Web cache poisoning poses a serious threat to web browser security. Learn how hackers can exploit unkeyed inputs for malicious use with expert Michael Cobb. Continue Reading

• How is the Trezor cryptocurrency online wallet under attack?

  A phishing campaign targeting Trezor wallets may have poisoned DNS or hijacked BGP to gain access. Learn how the attack worked and how to mitigate it with expert Nick Lewis. Continue Reading

• How does the Mylobot botnet differ from a typical botnet?

  The new Mylobot botnet demonstrated new, complex tools and techniques that are modifying botnet attacks. Learn how this botnet differs from a typical botnet with Nick Lewis. Continue Reading

• Insider threat protection: Strategies for enterprises

  Insider threats pose a serious risk to enterprises. Peter Sullivan explains how enterprises can use background checks and risk assessments for insider threat protection.Continue Reading

• What is behind the growing trend of BEC attacks?

  BEC attacks cost over $676 million in 2017, according to the FBI's Internet Crime Report. Learn how to recognize possible BEC attacks from expert Michael Cobb.Continue Reading

• How does site isolation defend against Spectre vulnerabilities?

  Spectre exploits how processors manage performance-enhancing features. Expert Michael Cobb explains Google Chrome's initiative to use site isolation as a defense mechanism.Continue Reading

• How does the public Venmo API pose a threat for users?

  The public Venmo API setting puts users at risk by providing detailed insight into their transactions and personal lives. Expert Michael Cobb discusses the risks of public APIs.Continue Reading

• How testing perspectives helps find application security flaws

  Application security testing requires users to test from all the right perspectives. Discover testing techniques that help find application security flaws with expert Kevin Beaver.Continue Reading

• challenge-response authentication

  In information security, challenge-response authentication is a type of authentication protocol where one entity presents a challenge or question, and another entity provides a valid response to be authenticated.Continue Reading

• NIST incident response plan: 4 steps to better incident handling

  The NIST incident response plan involves four phases enterprises can take to improve security incident handling. Expert Mike O. Villegas reviews each step.Continue Reading

• Enterprises should reconsider SMS-based 2FA use after breach

  A Reddit breach was triggered by threat actors intercepting SMS messages used to authenticate employees to access sensitive data. Learn why enterprises should reconsider SMS for 2FA.Continue Reading

• Does pcAnywhere put election management systems at risk?

  ES&S admitted it installed the insecure remote access program pcAnywhere on election management systems. Learn what pcAnywhere is and what this risk means for election systems.Continue Reading

• What are DMARC records and can they improve email security?

  Last year, the U.S. federal government mandated that by October 2018, all agencies must have DMARC policies in place. Learn how complicated this requirement is with Judith Myerson.Continue Reading