Problem solve

Information Security Threats

• Advanced cybersecurity fraud and how to fight it

  Cybersecurity fraud's roots run deep, with fraudsters forever after the same thing: tricking others out of their valuable assets. Learn how to keep defenses high. Continue Reading

• How an island-hopping cyberattack works and how to fight back

  Being part of island-hopping is no day at the beach when it comes to cyberattacks. Learn how to avoid being either a victim or an attacker's unwitting accomplice. Continue Reading

• Stop business email compromise with three key approaches

  Why is BEC such a popular attack? Because it works, unfortunately, tempting hackers with huge potential payouts. Learn how to keep them from lining their pockets with your assets. Continue Reading

• What is shellcode and how is it used?

  Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware term and how to mitigate the risk. Continue Reading

• CISO tackles banking cybersecurity and changing roles

  Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations. Continue Reading

• Where machine learning for cybersecurity works best now

  Need to up your endpoint protection endgame? Learn how applying machine learning for cybersecurity aids in the fight against botnets, evasive malware and more.Continue Reading

• Botnet attacks are evolving; your defenses must too

  Botnets are evolving and will continue to plague organizations. There is no one tool that will be sufficient, so it’s time to layer your anti-botnet defenses.Continue Reading

• Get the best botnet protection with the right array of tools

  Enterprise anti-botnet defenses, to be effective, must be added in multiple layers. No single security product will do the trick, but the right combo of tools can.Continue Reading

• LDAP injection: How was it exploited in a Joomla attack?

  After eight years, Joomla discovered an LDAP vulnerability that could be exploited by threat actors. Learn how the attack works from expert Matt Pascucci.Continue Reading

• How are hackers using Unicode domains for spoofing attacks?

  A proof of concept showed that hackers can use Unicode domains to make phishing sites look legitimate. Expert Matthew Pascucci explains how this spoofing attack works.Continue Reading

• Ransomware detection and prevention tools you need now

  Enterprises should improve their ransomware defense methods by examining the features in existing security tool deployments and deciding if replacements are needed.Continue Reading

• WannaCry ransomware threat exposes enterprise security shortcomings

  Expert Rob Shapland explains how a confluence of weaknesses in enterprise security led to the WannaCry ransomware threat generating maximum devastation.Continue Reading

• What is the impact of the Siemens SCADA vulnerability?

  Certain Siemens SCADA products were found to be vulnerable to local privilege escalation. Expert Nick Lewis explains how the SCADA vulnerability works and how to protect your systems.Continue Reading

• How did firmware create an Android backdoor in budget devices?

  An Android backdoor was discovered in the Ragentek firmware used in almost three million low-cost devices. Expert Michael Cobb explains how to prevent attacks on affected devices.Continue Reading

• Android VPN apps: How to address privacy and security issues

  New research on Android VPN apps revealed the extent of their privacy and security flaws. Expert Kevin Beaver explains how IT professionals can mitigate the risks.Continue Reading

• How does the Drammer attack exploit ARM-based mobile devices?

  Drammer, or a deterministic Rowhammer attack, was found to be more effective on ARM-based mobile devices. Expert Nick Lewis explains the issue with ARM processors.Continue Reading

• How can attacks bypass ASLR protection on Intel chips?

  An Intel chip flaw lets attackers bypass ASLR protection on most operating systems. Expert Michael Cobb explains the vulnerability and how to prevent attacks.Continue Reading

• How can enterprises leverage Google's Project Wycheproof?

  Google's Project Wycheproof tests crypto libraries for known vulnerabilities, but there are potential drawbacks to this tool. Expert Matthew Pascucci explains them.Continue Reading

• What are the best anti-network reconnaissance tools for Linux systems?

  Anti-network reconnaissance tools can prevent attackers from getting access to system information. Expert Judith Myerson goes over the best enterprise options.Continue Reading

• Monitoring outbound traffic on your network: What to look for

  Outbound network traffic remains a weakness for many enterprises and is a major attack vector. Expert Kevin Beaver explains how to spot irregular occurrences in your network.Continue Reading

• Are bug bounty programs secure enough for enterprise use?

  The use of bug bounty programs in enterprises is growing, but they aren't risk free. Expert Mike O. Villegas discusses some concerns related to bug bounties.Continue Reading

• How can embedded documents be used to attack enterprises?

  A flaw in Microsoft allows attackers in through executable embedded documents. Expert Nick Lewis explains the vulnerability and how enterprises can stop it.Continue Reading

• How can enterprises stop the OpenSSH vulnerability?

  An OpenSSH vulnerability allows hackers to easily access passwords with a brute force attack. Expert Michael Cobb explains how to mitigate this flaw.Continue Reading

• How can malware sinkholing improve advanced threat defense?

  Learn how malware sinkholing is helping security experts analyze infected devices and even disable malware in compromised endpoints.Continue Reading

• Windows 10 security fixes longtime OS vulnerabilities

  Windows 10 security incorporates years of improvements to remove or mitigate long-term issues with Windows vulnerabilities.Continue Reading

• The malware lifecycle: Knowing when to analyze threats

  Not responding to low-level threats can be perilous, yet enterprises can't always examine each issue. Expert Nick Lewis explains when an investigation is imperative.Continue Reading

• App security: Surviving the merger and acquisition process

  Some companies are trying to head off information security glitches before they sign on the dotted line, with help from security officers.Continue Reading

• ERP security: How to defend against SAP vulnerabilities

  A recent study revealed more than 95% of SAP systems were exposed to potentially disastrous vulnerabilities. Expert Nick Lewis explains how to mitigate these SAP vulnerabilities and maintain ERP security.Continue Reading

• How can the Angler exploit kit's latest capabilities be mitigated?

  As the Angler exploit kit evolves and adopts new functionality, it's becoming harder to detect and defend against. Enterprise threats expert Nick Lewis advises how to mitigate the threat.Continue Reading

• Can thinking like cyberattackers improve organizations' security?

  Getting in the minds of cyberattackers can help organizations mount better defenses against attacks. Here are some ways to accomplish this.Continue Reading

• How can I ensure a rootkit removal was successful?

  A rootkit was found and you think you've removed it, but how do you confirm it? Enterprise threats expert Nick Lewis explains the next steps to ensure rootkit removal.Continue Reading

• Can Detekt identify remote administration Trojans and spyware?

  State-sponsored malware and commercial surveillance software can be difficult to identify. Expert Nick Lewis explains how the Detekt tool can help.Continue Reading

• Understanding and mitigating a FREAK vulnerability attack

  After the discovery that the FREAK vulnerability can affect a wide variety of OSes, enterprises should amp up mitigation efforts. Here's some background on the attack and how to stop it.Continue Reading

• Is paying the ransom the only way to remove ransomware?

  Should organizations pay the money to save their attacker-encrypted data and remove ransomware? Expert Mike O. Villegas advises enterprises on the best approach.Continue Reading

• Security lessons from the NSA malware defense report

  The NSA's Information Assurance Directorate released a report on malware defense. Uncover which guidance and best practices would be fruitful to integrate into your enterprise security plan.Continue Reading

• Are enterprise devices vulnerable to NAT-PMP security threats?

  Network Address Translation - Port Mapping Protocol implementations may cause vulnerabilities on networking devices. Expert Kevin Beaver offers pointers for testing and mitigating such risks.Continue Reading

• Five steps for improving an authenticated vulnerability scan

  Running an authenticated vulnerability scan can help detect flaws in your system, yet many organizations don't invest in this methodology. Security expert Kevin Beaver discusses five ways to get the most out of an authenticated vulnerability scan.Continue Reading

• Debunking the myths of authenticated vulnerability scans

  When it comes to authenticated vulnerability scans, there are many misunderstandings about the technology that leave organizations wary. Security expert Kevin Beaver explains what to expect from your scans.Continue Reading

• Inside the BREACH attack: How to avoid HTTPS traffic exploits

  Enterprise threats expert Nick Lewis examines how the BREACH attack exploits HTTPS traffic and what enterprises can do to mitigate the attack risk.Continue Reading

• Armitage tutorial: How to use Armitage for vulnerability assessments

  Video: In this Armitage tutorial, Keith Barker of CBT Nuggets shows how to use the Metasploit add-on to perform vulnerability assessments.Continue Reading

• Cyberwar calls for software and system investment, not hacking back

  Hacking back isn't the way to win the cyberwar. Gary McGraw says building software and systems with fewer vulnerabilities is stronger protection.Continue Reading

• Targeted attack protection: Step-by-step preparation and mitigation

  Targeted attacks can be stopped with a defense-in-depth strategy. Michael Cobb explains how to implement a targeted attack prevention plan.Continue Reading

• Adopt Zero Trust to help secure the extended enterprise

  Forrester Analyst John Kindervag explains Zero Trust Model and how it can be applied to protect data in today’s extended enterprise.Continue Reading

• Personal online banking at work: Avoiding online banking security issues

  Is it OK to allow personal online banking at work? Get advice on avoiding online banking security issues with enterprise users.Continue Reading

• Which tools will help in validating form input in a website?

  Find out how to validate form input in a website.Continue Reading

• Playing patch up: It's time to change the patch management process

  Persistently vulnerable software has enterprises searching for a way to better their patch management processes and not patch up willy-nilly.Continue Reading

• The security costs of outsourcing software development

  Before outsourcing software development, enterprises should make sure they perform due diligence and understand the associated security costs.Continue Reading

• Implementing security policies to make them stick

  Learn how better technology, war stories and enforcement can make implementing security policies a company-wide activity.Continue Reading

• Marcus Ranum's top free network security tools

  In conscious contrast to Fyodor's list of top free network security tools, Marcus Ranum suggests enterprises implement a mix of defensive and offensive freeware.Continue Reading

• How to solve the growing enterprise issue of cyber menace

  This issue of Information Security offers a six-part special report on the growing threat of viruses and worms and how enterprises can best battle the never-ending cyber menace.Continue Reading

• The best malware program to defeat unwanted, non-viral code

  The best malware program supports a healthy system because it is naturally more resistant to all forms of malicious attacks.Continue Reading

• Predicting the future of malware and tomorrow's malicious code

  The future of malware will grow exponentially. David Harley presents his predictions on blended threats, e-mail exploits, social engineering and more.Continue Reading

• Secure reads: Building Secure Software

  Building Secure Software covers new vulnerabilities and explains how software vendors can stop attacks with secure coding practices.Continue Reading

• Secure Reads: Web Security, Privacy and Commerce, Second Edition

  Web Security, Privacy and Commerce, Second Edition is successfully divided into four sections that highlight the important changes in the technology industry.Continue Reading

• Simplify enterprise patch management with the proper tools

  Read about various commercial and free enterprise patch management options that can help keep your distributed environment safe.Continue Reading

• Four steps to sound security vulnerability management

  If you're bedeviled by swarms of alerts, you can take control by practicing good security vulnerability management with these four steps.Continue Reading

• Control wireless vulnerabilities before they control you

  While mobile computing is constantly growing in the market, wireless vulnerabilities inevitably grow as well. It is important to have your defenses ready.Continue Reading

• Gateway filtering and server hardening: Security sans user complaints

  Incremental changes, including gateway filtering and server hardening, will lead to a tighter security model without provoking too much user backlash.Continue Reading