New & Notable
News
Azure Pipelines vulnerability spotlights supply chain threats
Legit Security researchers discovered a remote code execution flaw within Microsoft's Azure DevOps platform that could give threat actors complete control of development pipelines.
News
Google: Spyware vendors exploiting iOS, Android zero days
Recent campaigns observed by Google's Threat Analysis Group showed spyware vendors' use of zero days and known vulnerabilities pose an increasing threat.
Get Started
Vulnerability management vs. risk management, compared
Vulnerability management seeks out security weaknesses in an organization, while risk management involves looking holistically at how the company is running.
News
Microsoft launches AI-powered Security Copilot
Microsoft Security Copilot is an AI assistant for infosec professionals that combines OpenAI's GPT-4 technology with the software giant's own cybersecurity-trained model.
Trending Topics
-
Data Security & Privacy News
More victims emerge from Fortra GoAnywhere zero-day attacks
Threat actors began exploiting a zero-day vulnerability in Fortra's GoAnywhere file sharing software in late January, victimizing several large enterprises.
-
Threats & Vulnerabilities Get Started
Vulnerability management vs. risk management, compared
Vulnerability management seeks out security weaknesses in an organization, while risk management involves looking holistically at how the company is running.
-
IAM Manage
Centralized vs. decentralized identity management explained
With decentralized identity, organizations can worry less about data security and privacy, while users get more control over their information. But it's not without challenges.
-
Analytics & Automation News
Microsoft launches AI-powered Security Copilot
Microsoft Security Copilot is an AI assistant for infosec professionals that combines OpenAI's GPT-4 technology with the software giant's own cybersecurity-trained model.
-
Network Security News
U.S. federal agency hacked via 3-year-old Telerik UI flaw
A CISA advisory said multiple threat actors recently exploited a Progress Telerik UI vulnerability, first disclosed in 2019, to breach an unnamed federal civilian agency.
-
Operations & Management
4 ChatGPT cybersecurity benefits for the enterprise
As OpenAI technology matures, ChatGPT could help close cybersecurity's talent gap and alleviate its rampant burnout problem. Learn about these and other potential benefits.
Topics Covered
Application and platform security
Careers and certifications
Cloud security
Compliance
Data security and privacy
Identity and access management
Network security
Risk management
Security analytics and automation
Security operations and management
Threat detection and response
Threats and vulnerabilities
Featured Authors
Find Solutions For Your Project
-
Evaluate
Compare breach and attack simulation vs. penetration testing
A deep dive into breach and attack simulation vs. penetration testing shows both tools prevent perimeter and data breaches. Find out how they complement each other.
-
8 cloud detection and response use cases
-
6 principles for building engaged security governance
-
Is cybersecurity recession-proof?
-
-
Problem Solve
How to mitigate low-code/no-code security challenges
Don't adopt low-code/no-code application development approaches without considering these best practices to mitigate and prevent their inherent security risks.
-
SMS pumping attacks and how to mitigate them
-
Why enterprise SecOps strategies must include XDR and MDR
-
Learn about different incident response teams
-
-
Manage
4 cloud API security best practices
APIs make up the majority of web traffic now, but they aren't always kept as secure as needed. Consider implementing these four cloud API security best practices.
-
How to apply and edit Wireshark display filters
-
Customize workflows with Wireshark profiles
-
incident response
-
-
E-Handbook | July 2021
Mitigating risk-based vulnerability management challenges
Download -
E-Handbook | June 2021
Security observability tools step up threat detection, response
Download -
E-Handbook | February 2021
Threat detection and response demands proactive stance
Download -
E-Handbook | January 2021
SolarWinds supply chain attack explained: Need-to-know info
Download -
E-Handbook | November 2020
Cyber insurance 101: Timely guidance on an essential tool
Download
Information Security Basics
-
Get Started
PCI DSS 12 requirements
The PCI DSS 12 requirements are a set of security controls businesses must implement to protect credit card data and comply with the Payment Card Industry Data Security Standard (PCI DSS).
-
Get Started
cardholder data (CD)
Cardholder data (CD) is any personally identifiable information (PII) associated with a person who has a credit or debit card.
-
Get Started
PCI DSS merchant levels
Payment Card Industry Data Security Standard (PCI DSS) merchant levels rank merchants based on their number of transactions per year to outline compliance verification requirements.
Multimedia
-
News
View All -
Threat detection and response
3CX desktop app compromised, abused in supply chain attack
3CX customers noticed that several threat detection platforms began flagging and blocking the UC vendor's desktop application last week due to malicious activity in the executable.
-
Application and platform security
Azure Pipelines vulnerability spotlights supply chain threats
Legit Security researchers discovered a remote code execution flaw within Microsoft's Azure DevOps platform that could give threat actors complete control of development pipelines.
-
Application and platform security
Google: Spyware vendors exploiting iOS, Android zero days
Recent campaigns observed by Google's Threat Analysis Group showed spyware vendors' use of zero days and known vulnerabilities pose an increasing threat.
Security Definitions
- PCI DSS 12 requirements
- cardholder data (CD)
- PCI DSS merchant levels
- CSR (Certificate Signing Request)
- authentication factor
- three-factor authentication (3FA)
- cyber espionage
- role-based access control (RBAC)