10 dumb security mistakes sys admins make

Do as I say, not as I do: Admin mistakes often surpass the severity of those made by users. Here are 10 of the most common -- and their remedies

How to deal with the blind spots in your security created by SSL encrypted traffic

With attackers preying on the security gaps created by encrypted traffic, let’s examine the five most common network traffic inspection errors made today

NIST publishes guidelines for SSH key management: What happens next?

The guidelines provide guidance for enterprises, government agencies and auditors for implementing Secure Shell key management practices and polices

10 reasons why phishing attacks are nastier than ever

Forget Nigerian princes -- today’s spearphishing is sophisticated business, fooling even the most seasoned security pros

007 Tips for keeping your business as secure as MI6

Criminal organizations don’t have James Bond’s resources, but are sophisticated and well funded so you have to continually up your efforts to reduce the threat surface

5 signs your Web application has been hacked

Website defacements? Database dumps? Mysterious files? Here's how to tell if your Web application has been hacked -- and how to secure it once and for all

CISA won’t do much to turn threat intelligence into action

With the Cybersecurity Information Sharing Act (CISA) the feds are trying to make it more attractive to share threat intelligence, but it won’t do much to help businesses deal with the high cost of sorting through what can be an overwhelming flow of possible security incidents.

How CISA encourages both cybersecurity information sharing and warrantless surveillance

By facilitating a stronger cybersecurity defense, the Cybersecurity Information Sharing Act (CISA) could also give the NSA powerful metadata surveillance capabilities. Here are the pros and cons of CISA.

Sony BMG Rootkit Scandal: 10 Years Later

Hackers really have had their way with Sony over the past year, taking down its Playstation Network last Christmas Day and creating an international incident by exposing confidential data from Sony Pictures Entertainment in response to The Interview comedy about a planned assassination on North Korea’s leader.

By Bob Brown | 28 October, 2015 21:22

Tags: sony

Fake LinkedIn profiles lure unsuspecting users

Hackers create fictional people on LinkedIn to engage in industrial espionage and social engineering attacks

Top 5 security threats from 3rd parties

From Target to Ashley Madison we’ve witnessed how interconnections with third-party vendors can leave backdoors open to hackers. Here are the top threats

Attackers target OWA for domain credentials

Why spend time targeting Active Directory for domain credentials when Outlook Web Application is just as good -- and far easier to compromise?

By Fahmida Y. Rashid | 07 October, 2015 19:43

Tags: Microsoft, exchange

EMV sets the stage for a better payment future

Most merchants now have EMV credit card readers in place, yielding marginally improved security today -- and a platform for better payment systems arriving soon

GitHub adds hardware-based authentication for developers

GitHub developers will now be able to log in to the code repository using YubiKey hardware keys

Privacy group calls for a boycott of tech companies supporting CISA

An activist group is on a quixotic campaign to punish tech companies who support the controversial information-sharing bill

Why Windows 10 is the most secure Windows ever

With Device Guard and Credential Guard, Windows enjoys unprecedented protection from malware and advanced persistent threats

By Fahmida Y. Rashid | 18 September, 2015 13:00

Tags: Microsoft, Windows 10

Technology that predicts your next security fail

There's both art and science to predictive analytics in a security setting, early adopters say.

Reports of attacks on the Department of Energy raise alarms

The power grid may not be in immediate danger, but that doesn't mean the threat to critical infrastructure isn't there

Extortion or fair trade? The value of bug bounties

Vendors without bug bounty programs risk the wrath of the infosec community, but such programs must be constructed carefully to yield optimal outcomes

Three key challenges in vulnerability risk management

Vulnerability scanning provides visibility into potential land mines, but often just results in data tracked in spreadsheets and independent remediation teams scrambling in different directions. It is time to change from a “find” mentality to a “fix” mentality. Here’s how.

Top Whitepapers

Featured Whitepapers