Recently on SearchSecurity
Project Zero finds Logitech Options app critically flawed
Tavis Ormandy of Google's Project Zero discovered a serious authentication vulnerability in Logitech's Options application, but the peripheral device maker has yet to address the flaw.
More Highlights
- Risk & Repeat: NRCC breach stokes election security fears
This week's Risk & Repeat podcast looks at the recently disclosed cyberattack on the National Republican Congressional Committee and the questions that remain about it.
- Operation Sharpshooter targets infrastructure around the world
Operation Sharpshooter is a recently discovered global cyberattack campaign targeting critical infrastructure organizations, including nuclear, defense and financial companies.
- How a flaw in Apple DEP misuses an MDM server
Hackers are able to enroll their devices in an organization's MDM servicer via a flaw in Apple DEP. Expert Michael Cobb explains how hackers conduct these attacks.
Definitions
- RSA algorithm (Rivest-Shamir-Adleman)
The RSA algorithm is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security services or purposes -- which enables public key encryption and is widely used to secure sensitive data, particularly when it is being sent over an insecure network such as the internet.
- remote access
Remote access is the ability to access a computer or a network remotely through a network connection.
- IP Spoofing
IP spoofing is the crafting of Internet Protocol (IP) packets with a source IP address that has been modified to impersonate another computer system, or to hide the identity of the sender, or both.
Browse Security Topics
Data security
In an era when data theft and security breaches are daily occurrences, secure data storage is a key component of a security infrastructure. This introduction to enterprise data security and protection strategies offers advice on how to lock down stored data, data backup and recovery, disk and file encryption and database security.
Recent Definitions
- RSA algorithm (Rivest-Shamir-Adleman)
The RSA algorithm is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security services or purposes -- which enables public key encryption and is widely used to secure sensitive data, particularly when it is being sent over an insecure network such as the internet.
- remote access
Remote access is the ability to access a computer or a network remotely through a network connection.
- cipher
In cryptology, the discipline concerned with the study of cryptographic algorithms, a cipher is an algorithm for encrypting and decrypting data.
Highlights
- Mitre enters product testing with Mitre ATT&CK framework
- Marriott discloses Starwood data breach affecting 500 million guests
- Ponemon study shows data valuation discrepancies in enterprises
More Data security Topics
- Data loss prevention technology
- Data security and cloud computing
- Data security breaches
- Data security strategies and governance
- Disk and file encryption tools
Identity and access management
Identity and access management tools are integral to maintaining data security in the enterprise. Here you'll find information on passwords, authentication and Web access control. Browse the identity management and access control topics below for the latest news, expert advice, learning tools and more.
Recent Definitions
- RSA algorithm (Rivest-Shamir-Adleman)
The RSA algorithm is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security services or purposes -- which enables public key encryption and is widely used to secure sensitive data, particularly when it is being sent over an insecure network such as the internet.
- remote access
Remote access is the ability to access a computer or a network remotely through a network connection.
- smart card
A smart card is a physical card that has an embedded integrated chip that acts as a security token.
Highlights
- Project Zero finds Logitech Options app critically flawed
- 5 actionable deception-tech steps to take to fight hackers
- IAM system strategy identifies metrics that work for business
More Identity and access management Topics
- Active Directory security
- Biometric technology
- Password management and policy
- PKI and digital certificates
- Privileged access management
- Single-sign on (SSO) and federated identity
- Two-factor and multifactor authentication strategies
- Web authentication and access control
Network security
Recent Definitions
- remote access
Remote access is the ability to access a computer or a network remotely through a network connection.
- IP Spoofing
IP spoofing is the crafting of Internet Protocol (IP) packets with a source IP address that has been modified to impersonate another computer system, or to hide the identity of the sender, or both.
- smart card
A smart card is a physical card that has an embedded integrated chip that acts as a security token.
Highlights
- FragmentSmack: How is this denial-of-service exploited?
- Still no answers to endpoint security protection, survey finds
- Still no answers to endpoint security protection, survey finds
More Network security Topics
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
Security training and jobs
The information security careers, training and certification resource center provides the latest news, expert advice and learning tools to help you make informed career choices, learn about CISSP, SANS and CISA certification, and the training required for information security jobs.
Recent Definitions
- ethical hacker
An ethical hacker, also referred to as a white hat hacker, is an information security expert who systematically attempts to penetrate a computer system, network, application or other computing resource on behalf of its owners -- and with their permission -- to find security vulnerabilities that a malicious hacker could potentially exploit.
- Cloud Security Alliance (CSA)
The Cloud Security Alliance (CSA) is a nonprofit organization that promotes research into best practices for securing cloud computing and the use of cloud technologies to secure other forms of computing.
- Certified Cloud Security Professional (CCSP)
The Certified Cloud Security Professional (CCSP) certification is intended for experience IT professionals who have a minimum of five years of experience in the industry with three of those years being in information security and one year in one of the six CCSP domains.
Highlights
- (ISC)2: Cybersecurity workforce shortage nears 3 million worldwide
- At (ISC)² Security Congress 2018, a congressman calls for action
- (ISC)² Security Congress 2018 tackles industry challenges
More Security training and jobs Topics
Back to TopInfosec programs
CISOs and information security programs are vital to protecting enterprises against today's cyber threats. In this resource centers, get the latest news and advice about CISO practices, infosec prrogram management and more.
Recent Definitions
- Secure Shell (SSH)
SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
- honeypot (computing)
A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to detect, deflect or study hacking attempts in order to gain unauthorized access to information systems.
- graceful shutdown and hard shutdown
Graceful shutdown and hard shutdown are two opposing methods of turning off a computer. A graceful shutdown is when a computer is turned off by software function and the operating system (OS) is allowed to perform its tasks of shutting down processes and closing connections. A hard shutdown is when the computer is forcibly shut down by interruption of power.
Highlights
- Risk & Repeat: NRCC breach stokes election security fears
- Equifax breach report highlights multiple security failures
- Can deception security tactics turn the tables on attackers?
More Infosec programs Topics
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
Risk management strategies
A risk management program is a key component for enterprise security. This section offers insight on security risk management frameworks and strategies as well as best practices on conducting effective risk assessments, vulnerability assessments, penetration tests and more.
Recent Definitions
- pen test (penetration testing)
Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.
- honeypot (computing)
A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to detect, deflect or study hacking attempts in order to gain unauthorized access to information systems.
- buffer underflow
Buffer underflow, also known as buffer underrun or buffer underwrite, is a threat to data that typically occurs when the temporary holding space during information transfer, the buffer, is fed at a lower rate than it is being read from.
Highlights
- FragmentSmack: How is this denial-of-service exploited?
- How the SHA-3 competition declared a winning hash function
- Can deception security tactics turn the tables on attackers?
More Risk management strategies Topics
- Penetration testing, ethical hacking and vulnerability assessments
- Risk assessments, metrics and frameworks
- Security awareness training and insider threats
Information security threats
Mitigating information security threats is an ongoing battle. Here you'll find information on the latest malware and cyberattacks facing enterprises, from viruses and Trojans to social engineering techniques, as well as news, expert advice and learning tools to address these threats.
Recent Definitions
- cyber vigilantism
Cyber vigilantism is a rough approximation of law enforcement or an attempt at achieving justice or accomplishing something online through unauthorized channels.
- challenge-response authentication
In information security, challenge-response authentication is a type of authentication protocol where one entity presents a challenge or question, and another entity provides a valid response to be authenticated.
- honeypot (computing)
A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to detect, deflect or study hacking attempts in order to gain unauthorized access to information systems.
Highlights
- How does the new Dharma Ransomware variant work?
- Operation Sharpshooter targets infrastructure around the world
- Why is preloading HTTP Strict Transport Security risky?
More Information security threats Topics
- Cyberespionage and nation-state cyberattacks
- Email and messaging threats
- Emerging cyberattacks and threats
- Hacker tools and techniques: Underground hacking sites
- Malware, virus, Trojan and spyware protection and removal
Network threat detection
Get news, tips and expert advice on network threat detection. This resource will cover the latest trends and technology around network threats and threat detection systems and services. Learn how to uncover, analyze and address network vulnerabilities to mitigate the risk of cyberattacks.
Recent Definitions
- IP Spoofing
IP spoofing is the crafting of Internet Protocol (IP) packets with a source IP address that has been modified to impersonate another computer system, or to hide the identity of the sender, or both.
- honeypot (computing)
A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to detect, deflect or study hacking attempts in order to gain unauthorized access to information systems.
- virtual honeypot
A virtual honeypot is software that emulates a vulnerable system or network to attract intruders and study their behavior. Virtual honeypots contrast with hardware-based honeypots, which are dedicated computers, networks or network segments designed to serve the same purpose. Virtual honeypots, as virtual machines, may exist in multiple configurations on a single computer or appliance to emulate various systems and vulnerabilities.
Highlights
- Product roundup: Features of top SIEM software on the market
- Can deception security tactics turn the tables on attackers?
- 5 actionable deception-tech steps to take to fight hackers
More Network threat detection Topics
- Network intrusion detection and prevention (IDS-IPS)
- Real-time network monitoring and forensics
- SIEM, log management and big data security analytics
- Threat intelligence sharing and services
Platform security
Get the latest news, advice and best practices for platform security. Here you'll find information on vulnerability and threat management, operating system security fundamentals, virtualization security basics, Web security and more.
Recent Definitions
- Secure Shell (SSH)
SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
- IoT security (internet of things security)
IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).
- Microsoft Windows Defender Credential Guard
Microsoft Windows Defender Credential Guard is a security feature that isolates users' login information from the rest of the operating system to prevent theft.
Highlights
- Why is preloading HTTP Strict Transport Security risky?
- Faxploit: How can sending a fax compromise a network?
- How the SHA-3 competition declared a winning hash function
More Platform security Topics
- Alternative operating system security
- Microsoft Windows security
- Virtualization security issues and threats
Security compliance
Get tips from the experts on security audits, compliance and standards. Advice is offered on data privacy and theft, audit planning and management, how to work with auditors, and compliance with standards, regulations and guidelines such as PCI DSS, GLBA, HIPPA, SOX, FISMA, ISO 17799 and COBIT.
Recent Definitions
- Payload (computing)
The term payload, when used in the context of networking or telecommunications, is the data carried inside of a packet (or other network protocol data units like frames or segments).
- security information and event management (SIEM)
Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of organization’s information technology (IT) security.
- ingress filtering
Ingress filtering is a method used by enterprises and internet service providers (ISPs) to prevent suspicious traffic from entering a network.
Highlights
- Second Google+ data exposure leads to earlier service shutdown
- U.S. weapon systems cybersecurity failing, GAO report says
- Google security audit begets product changes, German probe
More Security compliance Topics
- Data privacy issues and compliance
- HIPAA
- IT security audits and audit frameworks
- PCI Data Security Standard
Software security
Get advice on software application security. Here you'll find information on software vulnerability and threat management, application attacks, software security tools, application firewalls, software patching and more.
Recent Definitions
- IP Spoofing
IP spoofing is the crafting of Internet Protocol (IP) packets with a source IP address that has been modified to impersonate another computer system, or to hide the identity of the sender, or both.
- Secure Shell (SSH)
SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
- denial-of-service attack
A denial-of-service attack is a security event that occurs when an attacker prevents legitimate users from accessing specific computer systems, devices, services or other IT resources.
Highlights
- Project Zero finds Logitech Options app critically flawed
- How did WhatsApp vulnerabilities get around encryption?
- Software security podcast library
More Software security Topics
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
Web security tools
Get news and expert advice on Web security tools and threats. Find out about current threats against Web applications, web security tools, SSL and TLS encryption, Web services, SOA, web access control, web server security, URL filtering, content filtering and browser security.
Recent Definitions
- pen test (penetration testing)
Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.
- digital signature
A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.
- denial-of-service attack
A denial-of-service attack is a security event that occurs when an attacker prevents legitimate users from accessing specific computer systems, devices, services or other IT resources.
Highlights
- Second Google+ data exposure leads to earlier service shutdown
- Can deception security tactics turn the tables on attackers?
- 5 actionable deception-tech steps to take to fight hackers
More Web security tools Topics
- Web application and API security best practices
- Web browser security
- Web server threats and application attacks
Wireless and mobile security
In this guide, get advice on tools, software and tactics for wireless network security and wireless mobile device security. Learn how to build and maintain a secure wireless LAN, how to protect mobile devices, and how to successfully configure, implement and manage a solid wireless network.
Recent Definitions
- smart card
A smart card is a physical card that has an embedded integrated chip that acts as a security token.
- one-time password (OTP)
A one-time password (OTP) is an automatically generated numeric or alphanumeric string of characters that authenticates the user for a single transaction or login session.
- Google Play Protect
Google Play Protect is a malware protection and detection service built into Android devices that use Google Mobile Services.
Highlights
- How a flaw in Apple DEP misuses an MDM server
- Facebook app permissions skirted rules to gather call logs
- How did WhatsApp vulnerabilities get around encryption?
More Wireless and mobile security Topics
- BYOD and mobile device security best practices
- Mobile application security best practices
- Mobile security threats and prevention
- Wireless network security