SearchSecurity
New & Notable
News
Lapsus$ targeting SharePoint, VPNs and virtual machines
From social engineering attacks to admin tools, a recent NCC Group report examined the tactics used by Lapsus$ to breach companies like Microsoft, Nvidia and Samsung.
News
Check Point: Ransomware attacks lasted 9.9 days in 2021
Check Point Research and Kovrr found ransomware attack victims paid out 89% of the ransom demand on average in 2019. The figure dropped to 27% in 2020 before rising to 49% in 2021.
Problem Solve
Case study: Why it's difficult to attribute nation-state attacks
If two attacks look similar, don't assume they're from the same attacker. It's difficult to attribute nation-state attacks, as evidenced by the notorious 2016 Odinaff malware.
Problem Solve
Tips for using a threat profile to prevent nation-state attacks
Is your organization concerned about state-sponsored attacks? Threat profiling can help prevent nation-state attacks. Get advice on how to create an effective threat profile.
Trending Topics
-
Data security and privacy News
Check Point: Ransomware attacks lasted 9.9 days in 2021
Check Point Research and Kovrr found ransomware attack victims paid out 89% of the ransom demand on average in 2019. The figure dropped to 27% in 2020 before rising to 49% in 2021.
-
Threats and vulnerabilities Manage
Why companies should focus on preventing privilege escalation
If attackers can elevate privileges once inside a system, their access can be unlimited. Discover common privilege escalation techniques and how to mitigate them.
-
Identity and access management News
Stolen OAuth tokens lead to 'dozens' of breached GitHub repos
Stolen OAuth tokens issued to Heroku and Travis CI were used to download data from the private repositories of 'dozens of organizations,' including GitHub subsidiary npm.
-
Security analytics and automation News
Government officials: AI threat detection still needs humans
At the Ai4 Cybersecurity Summit, infosec professionals from CISA and the state of Tennessee discussed the promise and potential obstacles of AI for threat detection.
-
Network security News
REvil ransomware attacks resume, but operators are unknown
The notorious REvil ransomware gang appears to be up and running once more, as new attacks and malware samples have been observed, but it's unclear who is behind the operation.
-
Security operations and management News
Corvus: Ransomware costs, ransom payments declining
Cyber insurance provider Corvus examined how the cost of ransomware attacks declined over the past year and a half and what it means for different industries moving forward.
Topics Covered
Application and platform security
Careers and certifications
Cloud security
Compliance
Data security and privacy
Identity and access management
Network security
Risk management
Security analytics and automation
Security operations and management
Threat detection and response
Threats and vulnerabilities
Featured Authors
Find Solutions For Your Project
-
Evaluate
Data security requires DLP platform convergence
Cloud adoption, combined with an anytime, anyplace, any device workforce requires a converged data loss prevention platform to secure data -- not point products with DLP features.
-
What are the benefits and challenges of microsegmentation?
-
Unethical vulnerability disclosures 'a disgrace to our field'
-
Comparing network segmentation vs. microsegmentation
-
-
Problem Solve
Case study: Why it's difficult to attribute nation-state attacks
If two attacks look similar, don't assume they're from the same attacker. It's difficult to attribute nation-state attacks, as evidenced by the notorious 2016 Odinaff malware.
-
Tips for using a threat profile to prevent nation-state attacks
-
Top 7 enterprise cybersecurity challenges in 2022
-
6 types of insider threats and how to prevent them
-
-
Manage
Is cloud critical infrastructure? Prep now for provider outages
The cloud has quickly become critical infrastructure to many organizations. Learn about the top cloud provider outages, and discover tips on preventing disruption during downtime.
-
Why companies should focus on preventing privilege escalation
-
Best practices for creating an insider threat program
-
7 best practices for Web3 security risk mitigation
-
-
E-Handbook | July 2021
Mitigating risk-based vulnerability management challenges
Download -
E-Handbook | June 2021
Security observability tools step up threat detection, response
Download -
E-Handbook | February 2021
Threat detection and response demands proactive stance
Download -
E-Handbook | January 2021
SolarWinds supply chain attack explained: Need-to-know info
Download -
E-Handbook | November 2020
Cyber insurance 101: Timely guidance on an essential tool
Download
Information Security Basics
-
Get Started
Sender Policy Framework (SPF)
Sender Policy Framework (SPF) is a protocol designed to restrict who can use an organization's domain as the source of an email message.
-
Get Started
How to conduct Linux privilege escalations
Learn how to conduct Linux kernel exploitation with Metasploit and manually, as well as how to identify vulnerabilities on Linux using enumeration scripts.
-
Get Started
An introduction to binary diffing for ethical hackers
Binary diffing is a useful tool in the ethical hacker's arsenal. This excerpt teaches aspiring penetration testers and red teamers how to get started.
Multimedia
-
News
View All -
Cloud security
Lapsus$ targeting SharePoint, VPNs and virtual machines
From social engineering attacks to admin tools, a recent NCC Group report examined the tactics used by Lapsus$ to breach companies like Microsoft, Nvidia and Samsung.
-
Data security and privacy
Check Point: Ransomware attacks lasted 9.9 days in 2021
Check Point Research and Kovrr found ransomware attack victims paid out 89% of the ransom demand on average in 2019. The figure dropped to 27% in 2020 before rising to 49% in 2021.
-
Data security and privacy
Phishing attacks benefiting from shady SEO practices
Cybercriminals running phishing operations are now making use of SEO specialists that break Google's rules to get themselves placed above legitimate search results to lure victims.
SearchSecurity Definitions
- Sender Policy Framework (SPF)
- security information management (SIM)
- WLAN Authentication and Privacy Infrastructure (WAPI)
- mail bomb
- Open System Authentication (OSA)
- AAA server (authentication, authorization and accounting)
- content filtering
- SOC 1 (System and Organization Controls 1)