Risk management

A successful risk management plan helps enterprises identify, plan for and mitigate potential risks. Learn about the components of risk management programs, including penetration tests, vulnerability and risk assessments, frameworks, security awareness training and more.

May 17, 2022 17 May'22
North Korean IT workers targeting US enterprises

North Korean nationals are looking to land jobs at U.S. and European companies to collect sensitive data that could help the reclusive government's military programs.
April 28, 2022 28 Apr'22
Phishing attacks benefiting from shady SEO practices

Cybercriminals running phishing operations are now making use of SEO specialists that break Google's rules to get themselves placed above legitimate search results to lure victims.
April 21, 2022 21 Apr'22
Zero-day vulnerability exploitation soaring, experts say

Researchers with Mandiant and Google Project Zero say they observed significant increases in exploitation of zero-day vulnerabilities over the past year.
April 15, 2022 15 Apr'22
Corvus: Ransomware costs, ransom payments declining

Cyber insurance provider Corvus examined how the cost of ransomware attacks declined over the past year and a half and what it means for different industries moving forward.

Bring yourself up to speed with our introductory content

How to conduct a cyber-war gaming exercise

A successful cyber-war game can help organizations find weaknesses in their system but only if the right participants are involved and an after-action review is completed. Continue Reading
How to conduct Linux privilege escalations

Learn how to conduct Linux kernel exploitation with Metasploit and manually, as well as how to identify vulnerabilities on Linux using enumeration scripts. Continue Reading
An introduction to binary diffing for ethical hackers

Binary diffing is a useful tool in the ethical hacker's arsenal. This excerpt teaches aspiring penetration testers and red teamers how to get started. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Do phishing simulations work? Sometimes

Phishing simulations are becoming increasingly popular to pinpoint which employees fall victim to scams, but their effectiveness and morality have been called into question. Continue Reading
Unethical vulnerability disclosures 'a disgrace to our field'

The cybersecurity field needs more people who use their powers for good, the lead author of Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition says. Continue Reading
Traditional IT vs. critical infrastructure cyber-risk assessments

When it comes to critical infrastructure cybersecurity, the stakes are uniquely high. Assessing associated cyber-risk, in turn, is uniquely challenging. Continue Reading

Learn to apply best practices and optimize your operations.

Why companies should focus on preventing privilege escalation

If attackers can elevate privileges once inside a system, their access can be unlimited. Discover common privilege escalation techniques and how to mitigate them. Continue Reading
Best practices for creating an insider threat program

A thorough insider threat program includes plan preparation, threat assessment, and plan review and renewal. Learn how to implement this three-step model to protect your company. Continue Reading
7 best practices for Web3 security risk mitigation

Tech builders and businesses evaluating decentralized technologies should keep these seven Web3 security best practices in mind to help mitigate traditional and novel cyber threats. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

Case study: Why it's difficult to attribute nation-state attacks

If two attacks look similar, don't assume they're from the same attacker. It's difficult to attribute nation-state attacks, as evidenced by the notorious 2016 Odinaff malware. Continue Reading
Tips for using a threat profile to prevent nation-state attacks

Is your organization concerned about state-sponsored attacks? Threat profiling can help prevent nation-state attacks. Get advice on how to create an effective threat profile. Continue Reading
6 types of insider threats and how to prevent them

From disgruntled employees to compromised users to third-party vendors, here are six types of insider threats and best practices to mitigate the issues. Continue Reading