SearchSecurity
New & Notable
News
Exchange Server bugs caused years of security turmoil
The four high-profile sets of security vulnerabilities in Microsoft Exchange Server, disclosed by researcher Orange Tsai, are set to remain a major concern for organizations.
News
Risk & Repeat: Twitter, Elon Musk and security concerns
This podcast episode discusses Twitter's security concerns following Elon Musk's acquisition last month, as well as possible data breach from 2021 that came to light recently.
News
Tenable: 72% of organizations remain vulnerable to Log4Shell
New research shows the attack surface remains wide for the Log4j vulnerability, known as Log4Shell, which caused significant problems for organizations over the past year.
Problem Solve
How to prevent SQL injection with prepared statements
One of the top defenses against SQL injection is prepared statements. In this book excerpt, learn what prepared statements are and how to extend their defense.
Trending Topics
-
Data Security & Privacy News
Infosec researcher reports possible 'massive' Twitter breach
The alleged Twitter breach involves a data set from late 2021 and includes the phone numbers and personal information of millions of users in the U.S. and Europe.
-
Threats & Vulnerabilities News
Cybereason warns of fast-moving Black Basta campaign
Threat actors with the Black Basta ransomware-as-a-service group are compromising networks in as little as one hour and stealing sensitive data before disabling DNS services.
-
IAM News
Twitter users experience apparent SMS 2FA disruption
The 2FA notification disruption occurred after CEO Elon Musk announced plans to shutter a majority of Twitter's microservices, though reasons for the outage are unconfirmed.
-
Analytics & Automation Manage
Industrial control system security needs ICS threat intelligence
Threat actors and nation-states constantly try to find ways to attack all-important industrial control systems. Organizations need specialized ICS threat intelligence to fight back.
-
Network Security Manage
WLAN security: Best practices for wireless network security
Follow these wireless network security best practices to ensure your company's WLAN remains protected against the top threats and vulnerabilities.
-
Operations & Management News
Moreno Valley school system shores up ransomware defenses
Moreno Valley Unified School District officials discuss the steps they've taken to better protect sensitive data and critical applications against the growing threat of ransomware.
Topics Covered
Application and platform security
Careers and certifications
Cloud security
Compliance
Data security and privacy
Identity and access management
Network security
Risk management
Security analytics and automation
Security operations and management
Threat detection and response
Threats and vulnerabilities
Featured Authors
Find Solutions For Your Project
-
Evaluate
Top 5 vulnerability scanning tools for security teams
Use these five vulnerability scanning tools to find weaknesses and potential exploits in web applications, IT and cloud infrastructure, IoT devices and more.
-
Do companies need cyber insurance?
-
Top Kali Linux tools and how to use them
-
Reality check: CISO compensation packages run the gamut
-
-
Problem Solve
How to prevent SQL injection with prepared statements
One of the top defenses against SQL injection is prepared statements. In this book excerpt, learn what prepared statements are and how to extend their defense.
-
Top metaverse cybersecurity challenges: How to address them
-
Common lateral movement techniques and how to prevent them
-
5 ways to overcome multifactor authentication vulnerabilities
-
-
Manage
How to maintain security with an understaffed security team
Unsurprisingly, many companies function without a complete security team. Security tasks often fall to others in the organization. Here's some advice for stand-in security members.
-
WLAN security: Best practices for wireless network security
-
Industrial control system security needs ICS threat intelligence
-
6 ways to prevent privilege escalation attacks
-
-
E-Handbook | July 2021
Mitigating risk-based vulnerability management challenges
Download -
E-Handbook | June 2021
Security observability tools step up threat detection, response
Download -
E-Handbook | February 2021
Threat detection and response demands proactive stance
Download -
E-Handbook | January 2021
SolarWinds supply chain attack explained: Need-to-know info
Download -
E-Handbook | November 2020
Cyber insurance 101: Timely guidance on an essential tool
Download
Information Security Basics
-
Get Started
Common Body of Knowledge (CBK)
In security, the Common Body of Knowledge (CBK) is a comprehensive framework of all the relevant subjects a security professional should be familiar with, including skills, techniques and best practices.
-
Get Started
buffer underflow
A buffer underflow, also known as a buffer underrun or a buffer underwrite, is when the buffer -- the temporary holding space during data transfer -- is fed data at a lower rate than it is being read from.
-
Get Started
pen testing (penetration testing)
A penetration test, also called a pen test or ethical hacking, is a cybersecurity technique that organizations use to identify, test and highlight vulnerabilities in their security posture.
Multimedia
-
News
View All -
Data security and privacy
Infosec researcher reports possible 'massive' Twitter breach
The alleged Twitter breach involves a data set from late 2021 and includes the phone numbers and personal information of millions of users in the U.S. and Europe.
-
Threats and vulnerabilities
Cybereason warns of fast-moving Black Basta campaign
Threat actors with the Black Basta ransomware-as-a-service group are compromising networks in as little as one hour and stealing sensitive data before disabling DNS services.
-
Threat detection and response
Google's new YARA rules fight malicious Cobalt Strike use
Google's YARA rules detect cracked versions of Cobalt Strike's older releases so that legitimate instances of the red teaming tool, which use the latest version, aren't targeted.
SearchSecurity Definitions
- Common Body of Knowledge (CBK)
- buffer underflow
- single sign-on (SSO)
- pen testing (penetration testing)
- time-based one-time password
- What is the zero-trust security model?
- RAT (remote access Trojan)
- supply chain attack