Information security threats

Mitigating information security threats is an ongoing battle. Here you'll find information on the latest malware and cyberattacks facing enterprises, from viruses and Trojans to social engineering techniques, as well as news, expert advice and learning tools to address these threats.

Top Stories

Tip 28 Aug 2024
Stop phishing with help from updated DMARC policy handling

Exchange admins got a boost from Microsoft when it improved how it handles DMARC authentication failures to help organizations fight back from email-based attacks on their users. Continue Reading
By
- Helen Searle-Jones, Tritech Group
Tip 18 Jul 2024
What dangling pointers are and how to avoid them

Plenty of legacy systems are vulnerable to attackers looking for dangling pointers to gain unauthorized access. Learn how to identify dangling pointers and protect your network. Continue Reading
By
- Michael Cobb

Tip 01 Jul 2024
Top 10 cybersecurity interview questions and answers

Interviewing for a job in cybersecurity? Memorizing security terms won't cut it. Here are the 10 interview questions you should be ready for -- and how to answer them. Continue Reading
By
- Steve Zurier, ZFeatures
Definition 15 May 2024
Common Vulnerability Scoring System (CVSS)

The Common Vulnerability Scoring System (CVSS) is a public framework for rating the severity and characteristics of security vulnerabilities in information systems. Continue Reading
By
- Kinza Yasar, Technical Writer
- Alexander S. Gillis, Technical Writer and Editor
- Madelyn Bacon, TechTarget
Definition 15 Mar 2024
virus (computer virus)

A computer virus is a type of malware that attaches itself to a program or file. A virus can replicate and spread across an infected system and it often propagates to other systems, much like a biological virus spreads from host to host. Continue Reading
By
- Robert Sheldon
- Mike Chapple, University of Notre Dame
- Crystal Bedell
Definition 06 Feb 2024
dictionary attack

A dictionary attack is a method of breaking into a password-protected computer, network or other IT resource by systematically entering every word in a dictionary, or word list, as a password. Continue Reading
By
- Gavin Wright
Definition 07 Dec 2023
advanced persistent threat (APT)

An advanced persistent threat (APT) is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period. Continue Reading
By
- Kinza Yasar, Technical Writer
- Linda Rosencrance
Definition 01 Dec 2023
attack surface

An attack surface is the total number of all possible entry points for unauthorized access into any system. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Katie Terrell Hanna
Tip 28 Sep 2023
How to develop a cybersecurity strategy: Step-by-step guide

A cybersecurity strategy isn't meant to be perfect, but it must be proactive, effective, actively supported and evolving. Here are the four steps required to get there. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tip 19 Sep 2023
How to remove ransomware, step by step

Prevention is key when it comes to ransomware infections. But there are ways to recover data if a device is compromised. Uncover four key steps to ransomware removal. Continue Reading
By
- Paul Kirvan
Tip 06 Sep 2023
How to prevent ransomware in 6 steps

Ransomware can cost companies billions in damage. Incorporate these ransomware prevention best practices, from defense in depth to patch management, to keep attackers out. Continue Reading
By
- Mike Chapple, University of Notre Dame
Feature 31 Aug 2023
Types of ransomware and a timeline of attack examples

There are eight main types of ransomware but hundreds of examples of ransomware strains. Learn how the ransomware types work, and review notable ransomware attacks and variants. Continue Reading
By
- Sharon Shea, Executive Editor
- Isabella Harford, TechTarget
Feature 28 Aug 2023
3 ransomware detection techniques to catch an attack

While prevention is key, it's not enough to protect a company's system from ransomware. Reduce damage from attacks with these three ransomware detection methods. Continue Reading
By
- Kyle Johnson, Technology Editor
Tip 28 Aug 2023
Should companies make ransomware payments?

Once infected with ransomware, organizations face a major question: to pay or not to pay? Law enforcement recommends against it, but that doesn't stop all companies from paying. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 18 Jul 2023
The history and evolution of ransomware

Ransomware has evolved from a malicious floppy disk demanding $189 in ransom to a multibillion-dollar industry with ransom for rent, sophisticated techniques and big-name victims. Continue Reading
By
- Sharon Shea, Executive Editor
- Isabella Harford, TechTarget
Definition 24 Jan 2023
backdoor (computing)

A backdoor attack is a means to access a computer system or encrypted data that bypasses the system's customary security mechanisms. Continue Reading
By
- Ben Lutkevich, Site Editor
- Brien Posey
Definition 29 Dec 2022
credential theft

Credential theft is a type of cybercrime that involves stealing a victim's proof of identity. Continue Reading
By
- Corinne Bernstein
Feature 20 Dec 2022
20 companies affected by major ransomware attacks in 2021

Between hefty ransom demands, major disruptions and leaked data, 2021 saw major ransomware activity across companies and industries. Continue Reading
By
- Arielle Waldman, News Writer
Definition 16 Dec 2022
GPS jamming

GPS jamming is the act of using a frequency transmitting device to block or interfere with radio communications. Continue Reading
By
- Sarah Lewis
Definition 22 Nov 2022
buffer underflow

A buffer underflow, also known as a buffer underrun or a buffer underwrite, is when the buffer -- the temporary holding space during data transfer -- is fed data at a lower rate than it is being read from. Continue Reading
By
- Sarah Lewis
Feature 05 Sep 2022
What is the future of cybersecurity?

Cybersecurity is top of mind for businesses and their boards amid a relentless rise in cyber threats. What does the future of cybersecurity look like? Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Answer 25 Jan 2022
What is shellcode and how is it used?

Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware term and how to mitigate the risk. Continue Reading
By
- Michael Cobb
Definition 29 Oct 2021
shoulder surfing

Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Continue Reading
By
- Katie Terrell Hanna
Feature 29 Oct 2021
General-purpose security doesn't go far enough for ERP

Organizations need to pay more attention to security as ERP systems move to the cloud, are opened up to other applications and services and face an uptick in cyber attacks. Continue Reading
By
- Jim O'Donnell, News Writer
Guest Post 28 Oct 2021
Applying security to operating models requires collaboration

Balancing business needs with security is more important than ever. Integrating operating models with reference architectures is a key step in the process. Continue Reading
By
- Altaz Valani
Feature 25 Oct 2021
How to use Python for privilege escalation in Windows

Penetration testers can use Python to write scripts and services to discover security vulnerabilities. In this walkthrough, learn how to escalate privileges in Windows. Continue Reading
By
- Kyle Johnson, Technology Editor
- No Starch Press
Feature 25 Oct 2021
Why hackers should learn Python for pen testing

The authors of 'Black Hat Python' explain the importance of learning Python for pen testing, how it helps create scripts to hack networks and endpoints, and more. Continue Reading
By
- Kyle Johnson, Technology Editor
Definition 21 Oct 2021
script kiddie

Script kiddie is a derogative term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of internet security weaknesses. Continue Reading
By
- Ben Lutkevich, Site Editor
Guest Post 20 Oct 2021
5 questions to ask when creating a ransomware recovery plan

These 'five W's of ransomware' will help organizations ask the right questions when creating a ransomware-specific disaster recovery plan. Continue Reading
By
- Dustin Milberg
News 19 Oct 2021
Federal agencies issue warning on BlackMatter ransomware

U.S. government agencies say a new family of malware could create problems for critical infrastructure by shutting down critical networks and disrupting commerce. Continue Reading
By
- Shaun Nichols
News 11 Oct 2021
More urgency needed for supply chain security during holidays

In this Q&A, Kyle Rice, CTO at SAP NS2, explains the delicacy of increasingly complex supply chains and why IT needs to be proactive in finding their weakest links. Continue Reading
By
- Jim O'Donnell, News Writer
Feature 30 Aug 2021
Malware analysis for beginners: Getting started

With the cybersecurity industry struggling to fill open positions, now is the time to start in the field. Infosec expert Dylan Barker shares what you should know to be a malware analyst. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 30 Aug 2021
Top static malware analysis techniques for beginners

Malware will eventually get onto an endpoint, server or network. Using static analysis can help find known malware variants before they cause damage. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Tip 30 Aug 2021
Use ISO 22332 to improve business continuity plans

Standards offer guidance on business continuity and disaster recovery plans. ISO 22332 is no exception, providing great detail on how to prepare and execute a BC plan. Continue Reading
By
- Paul Kirvan
Definition 30 Jun 2021
active attack

An active attack is a network exploit in which a hacker attempts to make changes to data on the target or data en route to the target. Continue Reading
By
- TechTarget Contributor
Guest Post 27 May 2021
3 steps to zero-day threat protection

Don't let a zero-day threat bring down your networks. Follow these three steps to prepare for the unknown and minimize potential damage. Continue Reading
By
- Rohit Dhamankar
Feature 19 May 2021
12 essential features of advanced endpoint security tools

In addition to protecting an organization's endpoints from threats, IT administrators can use endpoint security tools to monitor operation functions and DLP strategies. Continue Reading
By
- Kyle Johnson, Technology Editor
- Linda Rosencrance
Definition 12 May 2021
hacker

A hacker is an individual who uses computer, networking or other skills to overcome a technical problem. Continue Reading
By
- Wesley Chai
- Linda Rosencrance
Definition 11 May 2021
industrial espionage

Industrial espionage is the covert, and sometimes illegal, practice of investigating competitors to gain a business advantage. Continue Reading
By
- Mary E. Shacklett, Transworld Data
- Ivy Wigmore
Definition 30 Apr 2021
supply chain security

Supply chain security is the part of supply chain management that focuses on the risk management of external suppliers, vendors, logistics and transportation. Continue Reading
By
- Gavin Wright
- Sarah Lewis
Feature 29 Apr 2021
SolarWinds puts national cybersecurity strategy on display

Biden imposed economic sanctions on Russia for its role in the SolarWinds cyber attack. Experts see the response as just one part of a larger national cybersecurity strategy. Continue Reading
By
- Makenzie Holland, Senior News Writer
Definition 23 Apr 2021
pharming

Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent. Continue Reading
By
- TechTarget Contributor
Tip 15 Mar 2021
Endpoint security vs. network security: Why both matter

As the security perimeter blurs, companies often debate the merits of endpoint security vs. network security. However, it shouldn't be an either-or decision. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Guest Post 12 Feb 2021
How SolarWinds attack will change CISOs' priorities

Following cybersecurity best practices used to be enough, but after the SolarWinds supply chain attack, CISOs now have to rethink all their security protocols. Continue Reading
By
- Vishal Salvi
Feature 10 Feb 2021
Enterprise ransomware prevention measures to enact in 2021

Enterprises must shore up their ransomware prevention efforts by strengthening security awareness, adding email controls, and developing and testing incident response plans. Continue Reading
By
- Mary K. Pratt
Tip 09 Feb 2021
Using content disarm and reconstruction for malware protection

Content disarm and reconstruction is a modern approach to removing malicious code from files, key to detecting and thwarting successful phishing and malware attacks. Continue Reading
By
- Michael Cobb
Guest Post 27 Jan 2021
2021 cybersecurity predictions: Oh, where cybersecurity may go

Jonathan Meyers sees 2021 bringing cybersecurity challenges to the forefront, like more cyberattacks on local governments, BYOD security issues and AI and ML overhype. Continue Reading
By
- Jonathan Meyers
News 23 Dec 2020
Security measures critical for COVID-19 vaccine distribution

The COVID-19 vaccine supply chain is already under attack, which comes as no surprise to experts. The biggest potential threats, however, are still to come. Continue Reading
By
- Makenzie Holland, Senior News Writer
- Jim O'Donnell, News Writer
News 07 Dec 2020
Russian state-sponsored hackers exploit VMware vulnerability

The NSA issued a cybersecurity advisory warning government agencies to mitigate as soon as possible, as the vulnerability was disclosed and patched last week. Continue Reading
By
- Arielle Waldman, News Writer
Infographic 02 Nov 2020
COVID-19 cybersecurity data shows rising risk during remote pivot

When enterprises quickly pivoted to remote work during the pandemic, it prompted a wave of new threats while also widening existing gaps in cybersecurity postures. Continue Reading
By
- Jessica Scarpati
Guest Post 21 Oct 2020
Changing the culture of information sharing for cybersecurity

Dan Young explains why it's time for the cybersecurity industry to come together regarding information sharing and how insurance providers, regulators and others could assist. Continue Reading
By
- Dan Young
Guest Post 19 Oct 2020
Combating disinformation campaigns ahead of 2020 election

As the 2020 election approaches, more focus needs to be on overcoming disinformation campaigns that manipulate voters as they vote early or head to the polls on Election Day. Continue Reading
By
- Jason Yakencheck
Guest Post 09 Oct 2020
For Cybersecurity Awareness Month, learn about emerging risks

Tami Hudson examines why leaders should use October to educate themselves and their companies around the latest attacks bad actors are implementing and where to prioritize investment. Continue Reading
By
- Tami Hudson
Guest Post 28 Sep 2020
How to improve cybersecurity for the workforce of the future

Many organizations continue to have employees work from home, but they haven't always hardened their cybersecurity efforts alongside this move to better protect employees and data. Continue Reading
By
- Vishal Salvi
Guest Post 28 Sep 2020
Cybersecurity testing essentials for mergers and acquisitions

Before moving forward with an M&A, conduct some cybersecurity testing to ensure your company knows how the acquired company protects data, employees and customers. Continue Reading
By
- Mark Whitehead
Guest Post 12 Aug 2020
What cybersecurity teams can learn from COVID-19

Nabil Hannan examines key similarities between medical and computer viruses that cybersecurity teams can use to keep businesses protected effectively. Continue Reading
By
- Nabil Hannan
Feature 22 Jul 2020
Zero-trust framework ripe for modern security challenges

What is zero-trust security, and why deploy it now? Analysts explain its importance in the current IT era and how to get started with evaluation and implementation. Continue Reading
By
- Alicia Landsberg, Senior managing Editor
News 15 Jul 2020
Attackers find new way to exploit Docker APIs

Aqua Security released research detailing a new tactic where the attacker exploits a misconfigured Docker API port in order to build and run a malicious container image on the host. Continue Reading
By
- Arielle Waldman, News Writer
Tip 09 Jul 2020
Enhance your cloud threat protection with 5 tools, and more

Explore the best tools and tactics; you'll need the most effective arsenal available to counteract the attackers gunning for your cloud-based workloads and apps. Continue Reading
By
- Johna Till Johnson, Nemertes Research
Tip 10 Jun 2020
How security teams can prevent island-hopping cyberattacks

Learn how to prevent island-hopping cyberattacks to keep hackers from gaining the confidence of a phishing victim who could then accidentally commit corporate financial fraud. Continue Reading
By
- Nick Cavalancia, Techvangelism
Opinion 01 May 2020
Why nation-state cyberattacks must be top of mind for CISOs

Even though organizations face threats coming from many sources, one type of cyberattack should be top of mind for CISOs: those backed by nation-states. Here's why. Continue Reading
By
- Johna Till Johnson, Nemertes Research
01 May 2020

Why nation-state cyberattacks must be top of mind for CISOs

Continue Reading
Infographic 01 May 2020
The state of cybersecurity risk: Detection and mitigation

Hackers will always try to creep in, and many will succeed. That's why effective detection and mitigation are essential. How are enterprises faring? Continue Reading
By
- Jessica Scarpati
Feature 01 May 2020
AI-powered cyberattacks force change to network security

Companies now face sophisticated enemies using AI and machine learning tools for their attacks. It's a world of new dangers for those defending network systems and data. Continue Reading
By
- Robert Lemos
Opinion 01 May 2020
Plan now for the future of network security

How to battle well-funded, technologically sophisticated threats and ensure high-quality network performance? CISOs need a plan to meet network challenges now and in the future. Continue Reading
By
- Ben Cole, Executive Editor
Tip 26 Feb 2020
Stop business email compromise with three key approaches

Why is BEC such a popular attack? Because it works, unfortunately, tempting hackers with huge potential payouts. Learn how to keep them from lining their pockets with your assets. Continue Reading
By
- Nick Cavalancia, Techvangelism
Opinion 03 Feb 2020
2 components of detection and threat intelligence platforms

Deploying threat detection and intelligence platforms is one of the smartest ways to protect your organization's valuable assets. Make sure you know how to choose the best tool. Continue Reading
By
- Johna Till Johnson, Nemertes Research
Feature 03 Feb 2020
Cisco CISO says today's enterprise must take chances

Cisco CISO Steve Martino talks about taking chances, threats, how the security leader's role is changing and what really works when it comes to keeping the company secure. Continue Reading
By
- Alissa Irei, Senior Site Editor
Feature 03 Feb 2020
CISOs face a range of cybersecurity challenges in 2020

Every company is unique, of course, but certain challenges are widely shared. Learn what security concerns other CISOs and security leaders are focused on in 2020. Continue Reading
By
- Mary K. Pratt
Feature 03 Feb 2020
Threat intelligence offers promise, but limitations remain

Do you know how to use threat intelligence feeds to best effect in your company? Learn what this valuable yet often confusing resource can and can't do for cybersecurity. Continue Reading
By
- Robert Lemos
Opinion 03 Feb 2020
Fresh thinking on cybersecurity threats for 2020

It's a good time to take a clear-eyed view of the likely security threats facing your organization. But then what? Experts suggest getting creative with your threat responses. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
E-Zine 03 Feb 2020

Getting the most from cyberthreat intelligence services

Continue Reading
Feature 28 Jan 2020
'Computer Security Fundamentals:' Quantum security to certifications

New topics, from security engineering to quantum computing, are covered in 'Computer Security Fundamentals,' but the book's author suggests readers review some basic topics, too. Continue Reading
By
- Sharon Shea, Executive Editor
News 07 Nov 2019
Trend Micro insider threat steals, sells customer data

A Trend Micro employee stole and sold customer support data, which was used by a malicious third-party actor to scam consumer customers of the cybersecurity company. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 05 Nov 2019
application whitelisting

Application whitelisting is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system. Continue Reading
By
- Brien Posey
- Peter Loshin, Former Senior Technology Editor
Quiz 04 Nov 2019
Test your grasp of AI threats, privacy regulations and more

Test your grasp of current security topics like AI in cybersecurity and what privacy regulations require. Then receive CPE credit by passing this quiz. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
Opinion 01 Nov 2019
CISOs, does your incident response plan cover all the bases?

Security incidents, let's face it, are essentially inevitable. How do you cover the key bases -- education, inventory, and visibility -- in planning for incident response? Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Tip 23 Sep 2019
How to shore up your third-party risk management program

A third-party risk management program has to go beyond questionnaires and poorly designed policies. Learn what you should do to protect yourself against vendor security flaws and core risks. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Tip 19 Aug 2019
How to conduct proper AWS vulnerability scanning in 3 steps

Cloud vulnerability management can be complicated. Learn how to perform AWS vulnerability scans under the shared responsibility model. Continue Reading
By
- Sharon Shea, Executive Editor
- Rob Shapland
Conference Coverage 14 Aug 2019
Latest news from the Black Hat 2019 conference

Learn the latest from this year's Black Hat conference, Aug. 3 to 8. Our team is in Las Vegas to report on what's new in information security risks, trends and defense tactics. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
Definition 25 Jun 2019
input validation attack

An input validation attack is any malicious action against a computer system that involves manually entering strange information into a normal user input field. Continue Reading
By
- Laura Fitzgibbons
News 12 Jun 2019
Election security threats increasing pressure on state governments

As local and state governments continue to tackle the evolving threat landscape, experts share tips on how to improve security posture and highlight the resources available for help. Continue Reading
By
- Mekhala Roy
Guide 30 May 2019
How best to secure cloud computing in this critical era

Achieving cloud security today demands you continually update your strategy, policy, tactics and tools. This collection of expert advice helps keep your cloud defenses well-tuned. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
News 23 May 2019
Microsoft bets on ElectionGuard SDK to fortify election security

Ahead of the 2020 elections, Microsoft unveiled ElectionGuard, an open source SDK designed to provide end-to-end verification of electronic voting machine results. Continue Reading
By
- Mekhala Roy
Opinion 01 May 2019
Putting cybersecurity for healthcare on solid footing

CISO Kevin Charest talks security threats he sees in the healthcare field and the means his company is using to thwart them, including HCSC's Cyber Fusion Center. Continue Reading
By
- Alan R. Earls
Feature 01 May 2019
Huawei ban highlights 5G security issues CISOs must tackle

Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network. Continue Reading
By
- Mary K. Pratt
Feature 01 May 2019
Top cloud security risks that keep experts up at night

Hackers are after your assets in the cloud. Here's how they get in and what you can do to plug security holes, starting with minimizing the risks created through human error. Continue Reading
By
- David Geer, Geer Communications
News 05 Apr 2019
Cybercrime groups continue to flourish on Facebook

Security researchers found cybercrime groups using Facebook out in the open for illegal activity and the findings are very similar to an issue Facebook had last year. Continue Reading
By
- Michael Heller, TechTarget
News 26 Mar 2019
CrowdStrike: Cybercrime groups joining forces to pack more punch

CrowdStrike sounds off on the enhanced partnership between the cybercrime groups behind the TrickBot and BokBot malware and explains what such collaborations signify. Continue Reading
By
- Mekhala Roy
News 22 Mar 2019
Study reveals sale of SSL/TLS certificates on dark web

Security researchers discovered the availability of SSL/TLS certificates for sale on the dark web, which allow cybercriminals to disguise their malicious activity as legitimate. Continue Reading
By
- Mekhala Roy
News 20 Mar 2019
New Mirai malware variant targets enterprise devices

Researchers from Palo Alto Networks have spotted a new variant of the Mirai botnet that is targeting enterprise presentation systems and digital signage with 11 new exploits. Continue Reading
By
- Mekhala Roy
News 13 Mar 2019
Election security threats loom as presidential campaigns begin

Fragile electronic voting systems and the weaponization of social media continue to menace U.S. election systems as presidential candidates ramp up their 2020 campaigns. Continue Reading
By
- Bridget Botelho, Editorial Director, News
News 13 Mar 2019
SANS Institute: DNS attacks gaining steam in 2019

At RSA Conference 2019, experts from the SANS Institute discuss the most dangerous attack techniques they've seen, including DNS manipulation and domain fronting. Continue Reading
By
- Mekhala Roy
News 11 Mar 2019
Zscaler charts sharp increase in SSL threats like phishing, botnets

Threat actors are exploiting encryption protocols to deliver malicious content, according to Zscaler, which found a 400% increase in SSL-based phishing threats last year. Continue Reading
By
- Mekhala Roy
Conference Coverage 07 Mar 2019
RSAC 2019: Coverage of the premiere security gathering

Find out what's happening at the at the 2019 RSA Conference in San Francisco, the information security industry's biggest event, with breaking news and analysis by the SearchSecurity team. Continue Reading
By
- Madelyn Bacon, TechTarget
News 06 Mar 2019
FBI director calls for public-private cybersecurity partnerships

At the recent RSA Conference, FBI Director Christopher Wray called for public-private partnerships to fend off cyberadversaries and threats. Continue Reading
By
- Mekhala Roy
Feature 01 Feb 2019
CISO tackles banking cybersecurity and changing roles

Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations. Continue Reading
By
- Alan R. Earls
Feature 01 Feb 2019
Top 10 CISO concerns for 2019 span a wide range of issues

From dealing with data and staffing shortages to adapting to an ever-expanding set of job responsibilities, CISOs face an array of serious issues in 2019. Continue Reading
By
- Mary K. Pratt
Feature 01 Feb 2019
Battling nation-state cyberattacks in a federal leadership vacuum

Nation-state cyberattacks could be better fought with a united front. But the U.S. government has failed to find a reliable way to deter or stop attackers. Continue Reading
By
- Robert Lemos
E-Zine 01 Feb 2019

CISOs build cybersecurity business case amid attack onslaught

Continue Reading
Answer 13 Dec 2018
Why is preloading HTTP Strict Transport Security risky?

Despite being designed to improve security, infosec experts have warned against preloading the HSTS protocol. Learn about the risks of preloaded HSTS with Judith Myerson. Continue Reading
By
- Judith Myerson
News 28 Nov 2018
Botnet takedown snares 3ve, Methbot ad fraud campaigns

The Justice Department indicted eight individuals accused of running major ad fraud campaigns, including the 3ve botnet, which generated millions of dollars in fake ad revenue. Continue Reading
By
- Rob Wright, Senior News Director