SearchSecurity
New & Notable
Manage
3 ways to apply security by design in the cloud
Applying security-by-design principles to the cloud may not seem straightforward, but there are several ways to do so. These three areas are a good place to start.
News
Vendors, governments make ransomware decryptors more common
Ransomware decryption tools are increasingly common today, thanks to cybersecurity vendors and law enforcement agencies working on cracking past and present ransomware threats.
Get Started
Zero trust vs. zero-knowledge proof: What's the difference?
Zero-knowledge proofs can help companies implement a zero-trust framework. Learn about the two concepts and how they come together to better secure networks.
News
Critical F5 vulnerability under exploitation in the wild
A remote code vulnerability in F5 BIG-IP network appliances is now being scanned for by threat actors, and some experts have observed exploitation in the wild.
Trending Topics
-
Data security and privacy News
Iranian APT Cobalt Mirage launching ransomware attacks
Secureworks researchers said a new Iranian state-sponsored threat group is melding government and financial interests by targeting U.S. organizations with ransomware attacks.
-
Threats and vulnerabilities News
New clues point to REvil ransomware gang's return
New research from Secureworks' Counter Threat Unit provides further evidence that the REvil ransomware group, once thought to be defunct, is indeed back on the scene.
-
Identity and access management News
Stolen OAuth tokens lead to 'dozens' of breached GitHub repos
Stolen OAuth tokens issued to Heroku and Travis CI were used to download data from the private repositories of 'dozens of organizations,' including GitHub subsidiary npm.
-
Security analytics and automation News
Government officials: AI threat detection still needs humans
At the Ai4 Cybersecurity Summit, infosec professionals from CISA and the state of Tennessee discussed the promise and potential obstacles of AI for threat detection.
-
Network security News
Critical F5 vulnerability under exploitation in the wild
A remote code vulnerability in F5 BIG-IP network appliances is now being scanned for by threat actors, and some experts have observed exploitation in the wild.
-
Security operations and management Get Started
Cyber-war gaming: A cybersecurity tabletop exercise
Based off military war games, cyber-war gaming examines a company's security posture. Learn how it works, the readiness needed, who should be involved and more.
Topics Covered
Application and platform security
Careers and certifications
Cloud security
Compliance
Data security and privacy
Identity and access management
Network security
Risk management
Security analytics and automation
Security operations and management
Threat detection and response
Threats and vulnerabilities
Featured Authors
Find Solutions For Your Project
-
Evaluate
Case study: Scaling DevSecOps at Comcast
Comcast's DevSecOps transformation started small but quickly gained steam, resulting in 85% fewer security incidents in production. Learn more in this case study.
-
The top secure software development frameworks
-
Do phishing simulations work? Sometimes
-
Data security requires DLP platform convergence
-
-
Problem Solve
Case study: Why it's difficult to attribute nation-state attacks
If two attacks look similar, don't assume they're from the same attacker. It's difficult to attribute nation-state attacks, as evidenced by the notorious 2016 Odinaff malware.
-
Tips for using a threat profile to prevent nation-state attacks
-
Top 7 enterprise cybersecurity challenges in 2022
-
6 types of insider threats and how to prevent them
-
-
Manage
3 ways to apply security by design in the cloud
Applying security-by-design principles to the cloud may not seem straightforward, but there are several ways to do so. These three areas are a good place to start.
-
How to implement an attack surface management program
-
Is cloud critical infrastructure? Prep now for provider outages
-
Why companies should focus on preventing privilege escalation
-
-
E-Handbook | July 2021
Mitigating risk-based vulnerability management challenges
Download -
E-Handbook | June 2021
Security observability tools step up threat detection, response
Download -
E-Handbook | February 2021
Threat detection and response demands proactive stance
Download -
E-Handbook | January 2021
SolarWinds supply chain attack explained: Need-to-know info
Download -
E-Handbook | November 2020
Cyber insurance 101: Timely guidance on an essential tool
Download
Information Security Basics
-
Get Started
Zero trust vs. zero-knowledge proof: What's the difference?
Zero-knowledge proofs can help companies implement a zero-trust framework. Learn about the two concepts and how they come together to better secure networks.
-
Get Started
What's the difference between zero trust vs. defense in depth?
Security administrators don't have to choose between zero-trust and defense-in-depth cybersecurity methodologies. Learn how the two frameworks complement each another.
-
Get Started
Patch Tuesday
Patch Tuesday is the unofficial name of Microsoft's monthly scheduled release of security fixes for the Windows operating system (OS) and other Microsoft software.
Multimedia
-
News
View All -
Data security and privacy
Iranian APT Cobalt Mirage launching ransomware attacks
Secureworks researchers said a new Iranian state-sponsored threat group is melding government and financial interests by targeting U.S. organizations with ransomware attacks.
-
Threat detection and response
Vendors, governments make ransomware decryptors more common
Ransomware decryption tools are increasingly common today, thanks to cybersecurity vendors and law enforcement agencies working on cracking past and present ransomware threats.
-
Network security
Critical F5 vulnerability under exploitation in the wild
A remote code vulnerability in F5 BIG-IP network appliances is now being scanned for by threat actors, and some experts have observed exploitation in the wild.
SearchSecurity Definitions
- security information management (SIM)
- WLAN Authentication and Privacy Infrastructure (WAPI)
- mail bomb
- Open System Authentication (OSA)