Information security risk management

A risk management program is a key component for enterprise security. This section offers insight on security risk management frameworks and strategies as well as best practices on conducting effective risk assessments, vulnerability assessments, penetration tests and more.

September 28, 2018 28 Sep'18
DEF CON report: Election equipment plagued by 10-year-old flaw

The DEF CON report from the 2018 Voting Village paints a troubling picture for election equipment vendors, including a machine with a flaw known since 2007 left unpatched.
September 12, 2018 12 Sep'18
Jake Braun discusses the Voting Village at DEF CON

The Voting Village at DEF CON 26 expanded its scope to test every aspect of election security that it could. Organizer Jake Braun discusses how it went and what's next.
September 06, 2018 06 Sep'18
Risk & Repeat: Fortnite flaw disclosure enrages Epic Games

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the dispute between Google and Epic Games over a newly disclosed flaw in the Android version of Fortnite.
August 15, 2018 15 Aug'18
Infosec mental health support and awareness hits Black Hat 2018

While burnout, depression and PTSD can affect anyone, infosec mental health still doesn't often get the attention it deserves, but Black Hat 2018 attempted to change that.

Bring yourself up to speed with our introductory content

Wireshark tutorial: Using Wireshark to sniff network traffic

Learn to use the Wireshark protocol analyzer to monitor network traffic, as well as how to use the Wireshark packet sniffer to inspect and analyze network traffic. Continue Reading
ethical hacker

An ethical hacker, also referred to as a white hat hacker, is an information security expert who systematically attempts to penetrate a computer system, network, application or other computing resource on behalf of its owners -- and with their ... Continue Reading
Endgame's Devon Kerr on what it takes to be a threat hunter

Threat hunting goes beyond mere monitoring and detection. Endgame's Devon Kerr explains tomorrow's threat hunters and the keys to successful cyberthreat hunting. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

UPnP vulnerability: How is the UPnP protocol being misused?

The UPnP protocol is being misused to distribute malware through home routers. Expert Michael Cobb explains the UPnP vulnerability and how to defend against it. Continue Reading
Cybersecurity professionals: Lack of training leaves skills behind

Cybersecurity professionals' increased workloads leave little time for training, leaving their skill sets -- and their companies' data security -- vulnerable to outside threats. Continue Reading
Use an authenticated vulnerability scan to find system flaws

If unsafe computer systems scare the living daylights out of you, tune into this webinar on how to do authenticated vulnerability scans to avoid system damage. Continue Reading

Learn to apply best practices and optimize your operations.

How does the APT attack Double Kill work in Office documents?

The Qihoo 360 Core Security team found a Microsoft vulnerability -- named Double Kill -- that affects applications via Office documents. Learn how this is possible with Nick Lewis. Continue Reading
How does the MnuBot banking Trojan use unusual C&C servers?

IBM X-Force found MnuBot -- a new banking Trojan -- manipulating C&C servers in an unusual way. Learn how this is possible and how this malware differs from those in the past. Continue Reading
How entropy sources interact with security and privacy plans

NIST published a draft of its 'Risk Management Framework for Information Systems and Organizations.' Learn what this report entails, as well as how entropy source controls play a key role. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

Teramind CTO talks insider threat prevention, employee monitoring

A fear of insider threats on Wall Street led one software engineer to start his own security company. Continue Reading
Understanding the risk SQL injection vulnerabilities pose

SQL injection vulnerabilities put a system at risk and are often unknown to users. Discover how this web vulnerability works and how to prevent it with expert Kevin Beaver. Continue Reading
How does the Android Rowhammer exploit affect users?

Android Rowhammer is a hardware weakness in older devices that puts users at risk of remote exploits. Expert Michael Cobb explains why it's important to upgrade to newer devices. Continue Reading