SearchSecurity
New & Notable
News
DeadBolt ransomware targeting QNAP NAS storage devices
In addition to DeadBolt, QNAP NAS users have had to deal with multiple types of ransomware in recent months, including Qlocker and eCh0raix.
News
New vulnerability rating framework aims to fill in CVSS gaps
The CVSS vulnerability scale doesn't always give a clear picture of the risk of a vulnerability, but experts hope the emerging standard called EPSS will provide more clarity.
News
Sophos: Log4Shell impact limited, threat remains
Sophos threat researcher Chet Wisniewski detailed the unexpectedly limited impact Log4Shell had on organizations but warned of future exploitation and risks.
News
Bernalillo County ransomware attack still felt weeks later
A ransomware attack in early January disrupted government systems in New Mexico's largest county, which stalled operations at county offices and the county detention center.
Trending Topics
-
Data security and privacy Get Started
How to start implementing passwordless authentication today
Everyone is tired of passwords, but a truly passwordless world isn't quite there yet. Learn what options companies currently have to implement passwordless authentication.
-
Threats and vulnerabilities News
DeadBolt ransomware targeting QNAP NAS storage devices
In addition to DeadBolt, QNAP NAS users have had to deal with multiple types of ransomware in recent months, including Qlocker and eCh0raix.
-
Identity and access management Manage
Use these 6 user authentication types to secure networks
One layer of security that all networks and applications need is authentication. Read up on six authentication types, from 2FA to biometrics to certificates.
-
Security analytics and automation Get Started
Introduction to automated penetration testing
Automated penetration testing, which speeds up the process for companies and vendors, is maturing. Is it ready to close the time gap between vulnerability discovery and mitigation?
-
Network security News
Cisco: Patching bugs is about more than CVSS numbers
Cisco's Kenna Security advised enterprises to consider more than just CVSS scores and update advisories when deciding when and how to address security vulnerabilities.
-
Security operations and management Manage
3 areas privacy and cybersecurity teams should collaborate
Organizations can get a lot of value by having their privacy and cybersecurity teams work closely together. Collaborating on compliance objectives is just one benefit.
Topics Covered
Application and platform security
Careers and certifications
Cloud security
Compliance
Data security and privacy
Identity and access management
Network security
Risk management
Security analytics and automation
Security operations and management
Threat detection and response
Threats and vulnerabilities
Featured Authors
Find Solutions For Your Project
-
Evaluate
What is cyber hygiene and why is it important?
Cyber hygiene, or cybersecurity hygiene, is a set of practices individuals and organizations perform regularly to maintain the health and security of users, devices, networks and data.
-
Top 10 ransomware targets in 2022 and beyond
-
5 infosec predictions for 2022
-
Is ransomware as a service going out of style?
-
-
Problem Solve
How to mitigate Log4Shell, the Log4j vulnerability
The easy-to-exploit Log4j vulnerability known as Log4Shell is dangerous and must be dealt with as soon as possible. Get pointers on how to mitigate and monitor the threat.
-
Enterprise cybersecurity hygiene checklist for 2022
-
Top 4 cloud misconfigurations and best practices to avoid them
-
Why image-based phishing emails are difficult to detect
-
-
Manage
Build a strong cyber resilience strategy with existing tools
Existing security protocols and processes can be combined to build a cyber resilience framework, but understanding how these components relate to each other is key.
-
4 software supply chain security best practices
-
Endpoint security is nothing without human operators
-
3 areas privacy and cybersecurity teams should collaborate
-
-
E-Handbook | July 2021
Mitigating risk-based vulnerability management challenges
Download -
E-Handbook | June 2021
Security observability tools step up threat detection, response
Download -
E-Handbook | February 2021
Threat detection and response demands proactive stance
Download -
E-Handbook | January 2021
SolarWinds supply chain attack explained: Need-to-know info
Download -
E-Handbook | November 2020
Cyber insurance 101: Timely guidance on an essential tool
Download
Information Security Basics
-
Get Started
What does an IT security manager do?
IT security managers need to have a passion for learning and critical-thinking skills, as well as understand intrusion prevention and detection.
-
Get Started
What is shellcode and how is it used?
Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware term and how to mitigate the risk.
-
Get Started
How to start implementing passwordless authentication today
Everyone is tired of passwords, but a truly passwordless world isn't quite there yet. Learn what options companies currently have to implement passwordless authentication.
Multimedia
Blog: Security Bytes
-
Google focuses more on steering the Android ship than righting it
Google's security and privacy upgrades to Android are mostly forward-thinking changes, readying for a future that is inevitable but unclear, rather than ways to improve security today.Continue Reading
-
At RSAC 2019, speculative execution threats take a back seat
The Meltdown and Spectre vulnerabilities loomed large last year, but RSAC 2019 will have little fodder on speculative execution threats and side channels attacks.Continue Reading
-
More Security Bytes Posts
Marriott Starwood data breach notification de-values customers
Are US hacker indictments more than Justice Theater?
Breaking down Dell's "potential cybersecurity incident" announcement
-
News
View All -
Threats and vulnerabilities
DeadBolt ransomware targeting QNAP NAS storage devices
In addition to DeadBolt, QNAP NAS users have had to deal with multiple types of ransomware in recent months, including Qlocker and eCh0raix.
-
Threats and vulnerabilities
New vulnerability rating framework aims to fill in CVSS gaps
The CVSS vulnerability scale doesn't always give a clear picture of the risk of a vulnerability, but experts hope the emerging standard called EPSS will provide more clarity.
-
Threat detection and response
Sophos: Log4Shell impact limited, threat remains
Sophos threat researcher Chet Wisniewski detailed the unexpectedly limited impact Log4Shell had on organizations but warned of future exploitation and risks.