Manage

Manage

Learn to apply best practices and optimize your operations.

• How does the resurgent VPNFilter botnet target victims?

  After a comeback of the Russian-built VPNFilter botnet, home network devices are at risk. Learn how this malware targets victims with expert Nick Lewis. Continue Reading

• The implications of the NetSpectre vulnerability

  The NetSpectre vulnerability could enable a slow leak of data remotely via side channels. Expert Michael Cobb explains why data on secure microprocessors is not actually safe. Continue Reading

• How did the IcedID and TrickBot banking Trojans join forces?

  The TrickBot banking Trojan joined forces with IcedID to form a dual threat that targets victims for money. Discover how this union occurred and how it has changed their behaviors. Continue Reading

• How does the APT attack Double Kill work in Office documents?

  The Qihoo 360 Core Security team found a Microsoft vulnerability -- named Double Kill -- that affects applications via Office documents. Learn how this is possible with Nick Lewis. Continue Reading

• How does the MnuBot banking Trojan use unusual C&C servers?

  IBM X-Force found MnuBot -- a new banking Trojan -- manipulating C&C servers in an unusual way. Learn how this is possible and how this malware differs from those in the past. Continue Reading

• How does Apple's Quick Look endanger user privacy?

  Apple's Quick Look feature previews thumbnails that are not encrypted. Learn how this poses a security threat to enterprises from expert Michael Cobb.Continue Reading

• How entropy sources interact with security and privacy plans

  NIST published a draft of its 'Risk Management Framework for Information Systems and Organizations.' Learn what this report entails, as well as how entropy source controls play a key role.Continue Reading

• Prepping your SIEM architecture for the future

  Is your SIEM ready to face the future? Or is it time for a major tune-up or at least some tweaks around the edges? Learn how to approach your SIEM assessment and updates.Continue Reading

• Picking the right focus for web application security testing

  Deciding which web applications on which to focus application security testing is a challenging task. Read this list of considerations to ensure you're addressing the right areas.Continue Reading

• How was Google Firebase security bypassed?

  Google Firebase's inadequate back-end development led to data leaks and vulnerabilities, including HospitalGown. Learn more about this security flaw from expert Michael Cobb.Continue Reading

• How does stegware malware exploit steganography techniques?

  Researchers at the 2018 RSA Conference discussed the increasing availability of malware that uses steganography, dubbed stegware. Discover how this works with expert Nick Lewis.Continue Reading

• User behavior analytics tackles cloud, hybrid environments

  Integration of user behavior analytics as a feature of other security technologies such as SIEM and data loss prevention shows no sign of slowing down. User behavior analytics tools develop baselines and then correlate threat events, user and entity...Continue Reading

• Beware of the gray hat hacker, survey warns

  Close to 40% of security professionals either know, or have known, a legitimate security practitioner who has participated at some point in black hat activities.Continue Reading

• Cloud-first? User and entity behavior analytics takes flight

  The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud.Continue Reading

• Industries seek to improve third-party security risk controls

  Healthcare security leaders are developing industry best practices for better third-party risk management using common assessment and certification standards.Continue Reading