Data security and privacy
Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.
Top Stories
-
News
25 Apr 2024
Cisco zero-day flaws in ASA, FTD software under attack
Cisco revealed a nation-state threat campaign dubbed "ArcaneDoor" exploited two zero-day vulnerabilities in its Adaptive Security Appliance and Firepower Threat Defense products. Continue Reading
-
News
23 Apr 2024
U.S. cracks down on commercial spyware with visa restrictions
The move marks the latest effort by the U.S. government to curb the spread of commercial spyware, which has been used to target journalists, politicians and human rights activists. Continue Reading
-
Definition
02 Mar 2022
Hypertext Transfer Protocol Secure (HTTPS)
Hypertext Transfer Protocol Secure (HTTPS) is a protocol that secures communication and data transfer between a user's web browser and a website. Continue Reading
-
News
01 Mar 2022
Conti ransomware source code, documentation leaked
The Conti ransomware gang's primary Bitcoin address, found in the leak, showed the crime outfit has taken in over $2 billion in cryptocurrency since 2017. Continue Reading
-
News
28 Feb 2022
Conti ransomware gang backs Russia, threatens U.S.
The Conti ransomware gang announced last week that they were in 'full support' of Russia and would retaliate if the West attacked Russian critical infrastructure. Continue Reading
-
Feature
28 Feb 2022
Tips for creating a cybersecurity resume
Resumes help candidates leave an impression on potential employers. But did you know one resume often isn't enough? Learn this and other tips for creating a cybersecurity resume. Continue Reading
-
Feature
28 Feb 2022
How to manage imposter syndrome in cybersecurity
The imposter syndrome phenomenon is readily apparent in cybersecurity. Learn how to manage it, along with mishaps to avoid during the job hunt and other career advice. Continue Reading
-
Feature
28 Feb 2022
Implement API rate limiting to reduce attack surfaces
Rate limiting can help developers prevent APIs from being overwhelmed with requests, thus preventing denial-of-service attacks. Learn how to implement rate limiting here. Continue Reading
-
Feature
28 Feb 2022
API security methods developers should use
Developers can reduce the attack surface by implementing security early in the API development process and knowing methods to secure older APIs that can't be deprecated. Continue Reading
-
Tip
25 Feb 2022
Privacy-enhancing technology types and use cases
Data is key to companies' success, but maintaining its privacy and ensuring regulatory compliance is difficult. Learn about privacy-enhancing technologies that keep data protected. Continue Reading
-
News
24 Feb 2022
New data wiper malware hits Ukraine targets
HermeticWiper is similar to another data-wiping malware known as WhisperGate, which was used in cyber attacks against Ukraine last month. Both used ransomware as an apparent decoy. Continue Reading
-
News
24 Feb 2022
New tech, same threats for Web 3.0
Emerging technologies are prone to old-school social engineering attacks and credential-swiping techniques, according to Cisco Talos researchers who analyzed the new platforms. Continue Reading
-
Tip
23 Feb 2022
How to use PKI to secure remote network access
Public key infrastructure is a more secure option than password-based or multifactor authentication. Learn how those benefits can extend to remote employees and access. Continue Reading
-
News
16 Feb 2022
Kronos attack fallout continues with data breach disclosures
Employees at both public and private sector organizations had their data compromised during a December ransomware attack on Kronos that also took down payroll systems. Continue Reading
-
News
15 Feb 2022
Biometric technology like facial recognition is here to stay
Despite resistance, government agencies and private companies continue to use the technology. A key issue is whether people are informed about how their information will be used. Continue Reading
-
Opinion
14 Feb 2022
Data storage and security make a mission-critical mix
At a time of heightened cyberthreats, IT administrators should look to improve their data storage security. There are numerous proactive ways to prepare for the next attack. Continue Reading
-
News
11 Feb 2022
FBI seized Colonial Pipeline ransom from DarkSide affiliate
New research from Chainalysis claims the DarkSide ransomware affiliate involved in last year's Colonial Pipeline attack also had ties to the NetWalker ransomware operation. Continue Reading
-
News
10 Feb 2022
Why Massachusetts' data breach reports are so high
Massachusetts discloses breaches of companies that affect just a single resident, giving the commonwealth a much larger number of 2021 incidents than other states. Continue Reading
-
News
09 Feb 2022
Google: 2-step verification led to 50% fewer account hacks
Google auto-enrolled more than 150 million users into two-step verification last October and mandated two-step verification for 2 million-plus YouTube accounts. Continue Reading
-
Guest Post
09 Feb 2022
How automated certificate management helps retain IT talent
Organizations shouldn't waste their IT pros' time on unnecessary tasks -- especially during a skills shortage. Learn about the benefits of automated digital certificate management. Continue Reading
-
News
08 Feb 2022
Russia continues cybercrime offensive with SkyFraud takedown
Officials in Russia have knocked the SkyFraud credit card fraud operation offline in the latest of a string of police actions against cybercriminals in the region. Continue Reading
-
News
07 Feb 2022
Metaverse rollout brings new security risks, challenges
When companies and users decide to adapt the technologies of the coming metaverse, they will also expose themselves to a new class of security risks and vulnerabilities. Continue Reading
-
News
03 Feb 2022
Cryptocurrency platform Wormhole loses $320M after attack
After a threat actor made off with 120,000 wrapped Ethereum, Wormhole said the stolen cryptocurrency had been 'restored,' but what that means remains in question. Continue Reading
-
News
03 Feb 2022
Distrust, feuds building among ransomware groups
In an industry that operates in anonymity, trust is everything -- but recent accusations of ransomware actors working with or being law enforcement is threatening that work model. Continue Reading
-
Feature
02 Feb 2022
A day in the life of a cybersecurity manager
The role of a cybersecurity leader is often misunderstood. Experience a day in the life of a cybersecurity manager with this breakdown of a security leader's typical schedule. Continue Reading
-
Feature
02 Feb 2022
Top cybersecurity leadership challenges and how to solve them
Security isn't always a top business priority. This creates challenges for the cybersecurity managers and teams that hope to integrate security into their company's agenda. Continue Reading
-
News
02 Feb 2022
SolarMarker malware spread through advanced SEO poisoning
Sophos discovered SolarMarker malware was being distributed through fake SEO-focused topics in Google Groups, as well as malicious PDF files. Continue Reading
-
Feature
31 Jan 2022
How to prepare for malicious insider threats
Stopping malicious insider threats is just as important as preventing external ones. Uncover what to look for and strategies to prevent insider threats before they cause damage. Continue Reading
-
Feature
31 Jan 2022
Include defensive security in your cybersecurity strategy
Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
-
News
31 Jan 2022
Emsisoft releases DeadBolt ransomware decryption tool
Emsisoft's DeadBolt ransomware decryption tool fixes broken decryptor keys issued by threat actors, and works only if the victim has paid the ransom and received a key. Continue Reading
-
Tip
28 Jan 2022
Protect APIs against attacks with this security testing guide
API security cannot be overlooked. Learn how security testing can detect API vulnerabilities and weaknesses before attackers can take advantage of them. Continue Reading
-
Podcast
28 Jan 2022
Risk & Repeat: The complicated world of Monero
This Risk & Repeat podcast episode looks at the state of Monero, a privacy-focused cryptocurrency, as well as recent cyber attacks against crypto exchanges. Continue Reading
-
Feature
28 Jan 2022
4 data privacy predictions for 2022 and beyond
Data privacy will continue to heat up in 2022. From regulations to staffing to collaboration, will these data privacy predictions come to fruition in the next 12 months and beyond? Continue Reading
-
Definition
28 Jan 2022
quantum cryptography
Quantum cryptography is a method of encryption that uses the naturally occurring properties of quantum mechanics to secure and transmit data. Continue Reading
-
News
26 Jan 2022
DeadBolt ransomware targeting QNAP NAS storage devices
In addition to DeadBolt, QNAP NAS users have had to deal with multiple types of ransomware in recent months, including Qlocker and eCh0raix. Continue Reading
-
Tip
26 Jan 2022
Integrating zero-trust practices into private 5G networks
One of the first steps in deploying a technology is protecting it from potential security threats. Learn how to secure a private 5G network with zero-trust security practices. Continue Reading
-
Definition
25 Jan 2022
WORM (write once, read many)
In computer media, write once, read many, or WORM, is a data storage technology that allows data to be written to a storage medium a single time and prevents the data from being erased or modified. Continue Reading
-
News
24 Jan 2022
Monero and the complicated world of privacy coins
Monero is known for being one of the most common cryptocurrencies seen in illicit transactions, but its development community paints a different picture of the privacy coin. Continue Reading
-
Tip
21 Jan 2022
How to start implementing passwordless authentication today
Everyone is tired of passwords, but a truly passwordless world isn't quite there yet. Learn what options companies currently have to implement passwordless authentication. Continue Reading
-
Guest Post
21 Jan 2022
5 infosec predictions for 2022
If the predictions are correct, 2022 will be another groundbreaking year for information security. Have a look at the security forecast for the next 12 months. Continue Reading
-
Definition
19 Jan 2022
Pretty Good Privacy (PGP)
Pretty Good Privacy or PGP was a popular program used to encrypt and decrypt email over the internet, as well as authenticate messages with digital signatures and encrypted stored files. Continue Reading
- Definition 19 Jan 2022
-
News
18 Jan 2022
Police seize VPN host allegedly facilitating ransomware
VPNLab is accused of facilitating cybercrime including ransomware and malware distribution, and its services were allegedly advertised on the dark web. Continue Reading
-
News
18 Jan 2022
Ransomware actors increasingly demand payment in Monero
Though Bitcoin is still the cryptocurrency standard in ransomware payment demands, Monero has gained prominence due to its more private, less traceable technology. Continue Reading
-
Guest Post
13 Jan 2022
Is ransomware as a service going out of style?
Increased government pressure has backed many ransomware gangs into a corner, in turn forcing attackers to replace the ransomware-as-a-service model with a smash-and-grab approach. Continue Reading
-
News
12 Jan 2022
New RAT campaign abusing AWS, Azure cloud services
Cisco Talos discovered threat actors taking advantage of public cloud services to spread remote administration tools such as NanoCore, NetWire and AsyncRAT. Continue Reading
-
Definition
11 Jan 2022
Rijndael
Rijndael (pronounced rain-dahl) is an Advanced Encryption Standard (AES) algorithm. Continue Reading
-
Definition
11 Jan 2022
Public-Key Cryptography Standards (PKCS)
Public-Key Cryptography Standards (PKCS) are a set of standard protocols, numbered from 1 to 15. Continue Reading
-
Guest Post
11 Jan 2022
Endpoint security is nothing without human operators
The growing threat landscape has made endpoint security more important than ever. Deploying an endpoint security platform without the proper staff, however, is simply not enough. Continue Reading
-
Tip
10 Jan 2022
3 areas privacy and cybersecurity teams should collaborate
Organizations can get a lot of value by having their privacy and cybersecurity teams work closely together. Collaborating on compliance objectives is just one benefit. Continue Reading
-
Opinion
06 Jan 2022
IoT ethics must factor into privacy and security discussions
With the adoption of IoT devices, consumers voluntarily trade privacy for the convenience of instant connectivity. Organizations must consider the ethics of their data collection. Continue Reading
-
News
05 Jan 2022
NY AG's credential stuffing probe finds 1M exposed accounts
The threat of credential stuffing attacks prompted an investigation by the New York Attorney General, which found stolen passwords for customer accounts across 17 companies. Continue Reading
-
News
05 Jan 2022
FTC warns companies to mitigate Log4j vulnerability
In a blog post about the critical Log4Shell vulnerability, the FTC mentioned 2017's Equifax breach and the legal consequences that followed. Continue Reading
-
Feature
04 Jan 2022
Is quantum computing ready to disrupt cybersecurity?
Quantum computing isn't here yet, but now is the time for companies to start considering how it may affect their business -- both negatively and positively -- in the next decade. Continue Reading
-
Definition
04 Jan 2022
elliptical curve cryptography (ECC)
Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys. Continue Reading
-
Tip
04 Jan 2022
7 API security testing best practices, with checklist
APIs are an increasingly common attack vector for malicious actors. Use our API security testing checklist and best practices to protect your organization and its data. Continue Reading
-
Definition
30 Dec 2021
ciphertext feedback (CFB)
In cryptography, ciphertext feedback (CFB), also known as cipher feedback, is a mode of operation for a block cipher. Continue Reading
-
Feature
29 Dec 2021
Editor's picks: Top cybersecurity articles of 2021
As we call it a wrap on 2021, SearchSecurity looks at the top articles from the last 12 months and their sweeping trends, including ransomware, career planning and more. Continue Reading
-
Definition
29 Dec 2021
International Data Encryption Algorithm (IDEA)
The International Data Encryption Algorithm (IDEA) is a symmetric key block cipher encryption algorithm designed to encrypt text to an unreadable format for transmission via the internet. Continue Reading
-
Definition
29 Dec 2021
cryptographic checksum
Generated by a cryptographic algorithm, a cryptographic checksum is a mathematical value assigned to a file sent through a network for verifying that the data contained in that file is unchanged. Continue Reading
-
Definition
28 Dec 2021
Encrypting File System (EFS)
Encrypting File System (EFS) provides an added layer of protection by encrypting files or folders on various versions of the Microsoft Windows OS. Continue Reading
-
Feature
28 Dec 2021
Types of cybersecurity controls and how to place them
A unilateral cybersecurity approach is ineffective in today's threat landscape. Learn why organizations should implement security controls based on the significance of each asset. Continue Reading
-
Feature
28 Dec 2021
Top infosec best practices, challenges and pain points
Weak infosec practices can have irrevocable consequences. Read up on infosec best practices and challenges, as well as the importance of cybersecurity controls and risk management. Continue Reading
-
Definition
23 Dec 2021
cellular automaton (CA)
A cellular automaton (CA) is a collection of cells arranged in a grid of specified shape, such that each cell changes state as a function of time, according to a defined set of rules driven by the states of neighboring cells. Continue Reading
-
Tip
21 Dec 2021
Fortify security with IoT data protection strategies
It's only a matter of time before attackers target IoT data. Organizations must be ready with IoT data security best practices, including data encryption and visibility. Continue Reading
-
News
20 Dec 2021
5 Russians charged in hacking, illegal trading scheme
A group of hackers based in Russia and tied to the GRU stand accused of breaking into companies and using confidential data to profit from illegal stock trades. Continue Reading
-
Tip
20 Dec 2021
Call center security best practices to protect customer data
If customers know an organization can keep their data safe, they have more positive experiences. These best practices can help establish trust and keep data safe in call centers. Continue Reading
-
News
20 Dec 2021
Apple v. NSO Group: How will it affect security researchers?
While the full extent of impact won't be revealed until the lawsuit concludes, negative impacts on security researchers are possible. Continue Reading
-
Tip
14 Dec 2021
4 API authentication methods to better protect data in transit
The API attack surface isn't always well protected. Learn about the authentication methods your company can use to secure its APIs. Continue Reading
-
News
10 Dec 2021
Dark web posts shed light on Panasonic breach
A network breach at Japanese electronics giant Panasonic was possibly set up as far back as January, according to researchers who were monitoring dark web forums. Continue Reading
-
Guest Post
10 Dec 2021
The business benefits of data compliance
Beyond appeasing auditors and avoiding fines, data compliance offers several business benefits. Discover how data compliance can build trust and improve publicity. Continue Reading
-
Feature
08 Dec 2021
Is a passwordless future getting closer to reality?
Industry analysts offer predictions on the future of passwordless authentication and whether we'll ever truly get rid of one of security's weakest links. Continue Reading
-
News
07 Dec 2021
BadgerDAO users' cryptocurrency stolen in cyber attack
Following last week's attack, BadgerDAO sent the threat actor a message, offering to 'compensate' the individual for finding a vulnerability in the company's systems. Continue Reading
-
News
06 Dec 2021
BitMart the latest crypto exchange to suffer cyber attack
BitMart, which describes itself as the 'most trusted crypto trading platform,' confirmed it was the victim of an attack where $150 million in assets were stolen. Continue Reading
-
News
02 Dec 2021
Former Ubiquiti engineer arrested for inside threat attack
Nickolas Sharp is accused of attacking his former employer, stealing confidential data and attempting to extort the company into paying him approximately $2 million. Continue Reading
-
Definition
02 Dec 2021
Twofish
Twofish is a symmetric-key block cipher with a block size of 128 bits and variable-length key of size 128, 192 or 256 bits. Continue Reading
-
Feature
29 Nov 2021
The components and objectives of privacy engineering
Privacy engineering helps organizations balance business and privacy needs, while mitigating the impact of data breaches. Learn about its components and objectives. Continue Reading
-
Feature
29 Nov 2021
The intersection of privacy by design and privacy engineering
Data privacy concerns are widespread. Privacy by design and privacy engineering help organizations balance privacy with utility and usability. Learn how. Continue Reading
-
Definition
29 Nov 2021
plaintext
In cryptography, plaintext is usually ordinary readable text before it is encrypted into ciphertext or after it is decrypted. Continue Reading
-
News
23 Nov 2021
Apple files lawsuit against spyware vendor NSO Group
Apple sued the Israeli technology vendor, whose Pegasus spyware has been implicated in several malicious attacks on journalists, activists and government officials. Continue Reading
-
News
22 Nov 2021
GoDaddy discloses breach of 1.2M customer account details
Web hosting provider GoDaddy said an attacker broke into its Managed WordPress service and accessed the account details and SSL keys of 1.2 million customers. Continue Reading
-
News
22 Nov 2021
Cryptocurrency exchange BTC-Alpha confirms ransomware attack
While it is common for threat actors to use cryptocurrency platforms to move and obfuscate ransom payments, this time an exchange platform was the victim of such an attack. Continue Reading
-
Definition
22 Nov 2021
snooping
Snooping, in a security context, is unauthorized access to another person's or company's data. Continue Reading
-
Definition
15 Nov 2021
BSA | The Software Alliance
BSA | The Software Alliance is an advocate for public policies that foster technology innovation and drive economic growth. Continue Reading
-
Guest Post
15 Nov 2021
Reduce the risk of cyber attacks with frameworks, assessments
Don't rely on a compliance mandate to reduce the risk of cyber attacks or on a cyber insurer to cover an attack's aftermath. Assessments and frameworks are key to staying safe. Continue Reading
-
News
11 Nov 2021
Aruba Central breach exposed customer data
HPE-owned Aruba Networks said one of its cloud databases was accessed by hackers who were able to make off with location and telemetry data for its customers' Wi-Fi gear. Continue Reading
-
Guest Post
10 Nov 2021
4 concepts that help balance business and security goals
The goal of enterprise security is to maintain connectivity, while remaining protected. Use these four concepts to balance business and security goals. Continue Reading
-
Definition
09 Nov 2021
Security Assertion Markup Language (SAML)
Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems. Continue Reading
-
Guest Post
03 Nov 2021
To improve resilience, augment zero-trust models
Zero-trust models are a start, but to improve resilience, they should be augmented and extended to include verification procedures, supply chain security and open source software. Continue Reading
-
News
02 Nov 2021
FBI: Ransomware gangs using financial info to target companies
The FBI assessed that ransomware threat actors are likely using information like mergers, acquisitions and stock valuations to determine vulnerable enterprise targets. Continue Reading
-
News
28 Oct 2021
Hackers upping SSL usage for encrypted attacks, communications
A report from cloud security vendor Zscaler found that cybercriminals are using secure connections to evade detection while carrying out network attacks. Continue Reading
-
News
28 Oct 2021
Twitter details internal Yubico security key rollout
Following last year's breach, Twitter obtained 100% security key enrollment from its 5,500 internal employee accounts within a month of the cutover date. Continue Reading
-
Definition
26 Oct 2021
encryption key
In cryptography, an encryption key is a variable value that is applied using an algorithm to a string or block of unencrypted text to produce encrypted text or to decrypt encrypted text. Continue Reading
-
News
25 Oct 2021
SolarWinds hackers attacking more IT supply chain targets
According to Microsoft, the Russian threat group known as Nobelium has already compromised 14 technology service providers across the United States and Europe. Continue Reading
-
News
18 Oct 2021
Sinclair Broadcast Group suffers ransomware attack, breach
The media giant disclosed a ransomware attack Monday that caused massive disruptions across networks and saw threat actors obtain corporate data. Continue Reading
-
Definition
18 Oct 2021
cipher
In cryptography, a cipher is an algorithm for encrypting and decrypting data. Continue Reading
-
News
14 Oct 2021
Google digs into Iran's APT35 hacking group
Covert phishing tactics and cleverly disguised notifications are among the calling cards of the increasingly sophisticated operation aimed at Iran's opponents. Continue Reading
-
News
08 Oct 2021
Senators want FTC to enforce a federal data security standard
U.S. Senators debated creating federal data privacy and security standards and providing the FTC with enough resources to enforce them. Continue Reading
-
News
06 Oct 2021
Twitch confirms data breach following massive leak
Leakers claim to have stolen almost 6,000 internal Git repositories, including 'the entirety of Twitch.tv' and content creator payouts. Continue Reading
-
News
23 Sep 2021
Autodiscover flaw in Microsoft Exchange leaking credentials
Guardicore found that exploiting a design flaw in Autodiscover allowed it to capture more than 372,000 Windows domain credentials and nearly 97,000 unique application credentials. Continue Reading
-
Feature
14 Sep 2021
SolarWinds CEO: Breach transparency 'painful' but necessary
SolarWinds CEO Sudhakar Ramakrishna discusses his company's ongoing breach investigation, shares lessons learned from the attack and cautions IT pros on zero trust. Continue Reading
-
News
31 Aug 2021
SEC sanctions financial firms for cybersecurity failures
Three financial services firms were charged with failing to implement proper cybersecurity policies after cyber attacks led to the exposure of customer data. Continue Reading