  • 10 dumb security mistakes sys admins make

    Do as I say, not as I do: Admin mistakes often surpass the severity of those made by users. Here are 10 of the most common -- and their remedies

  • How to deal with the blind spots in your security created by SSL encrypted traffic

    With attackers preying on the security gaps created by encrypted traffic, let’s examine the five most common network traffic inspection errors made today

  • NIST publishes guidelines for SSH key management: What happens next?

    The guidelines provide guidance for enterprises, government agencies and auditors for implementing Secure Shell key management practices and policies

  • 10 reasons why phishing attacks are nastier than ever

    Forget Nigerian princes -- today’s spearphishing is sophisticated business, fooling even the most seasoned security pros

  • 007 Tips for keeping your business as secure as MI6

    Criminal organizations don’t have James Bond’s resources, but they are sophisticated and well funded, so you have to continually up your efforts to reduce the threat surface

  • 5 signs your Web application has been hacked

    Website defacements? Database dumps? Mysterious files? Here's how to tell if your Web application has been hacked -- and how to secure it once and for all

  • CISA won’t do much to turn threat intelligence into action

    With the Cybersecurity Information Sharing Act (CISA) the feds are trying to make it more attractive to share threat intelligence, but it won’t do much to help businesses deal with the high cost of sorting through what can be an overwhelming flow of possible security incidents.

  • How CISA encourages both cybersecurity information sharing and warrantless surveillance

    By facilitating a stronger cybersecurity defense, the Cybersecurity Information Sharing Act (CISA) could also give the NSA powerful metadata surveillance capabilities. Here are the pros and cons of CISA.

  • Sony BMG Rootkit Scandal: 10 Years Later

    Hackers really have had their way with Sony over the past year, taking down its PlayStation Network last Christmas Day and creating an international incident by exposing confidential data from Sony Pictures Entertainment in response to The Interview, a comedy about a planned assassination of North Korea’s leader.

  • Fake LinkedIn profiles lure unsuspecting users

    Hackers create fictional people on LinkedIn to engage in industrial espionage and social engineering attacks

  • Top 5 security threats from 3rd parties

    From Target to Ashley Madison we’ve witnessed how interconnections with third-party vendors can leave backdoors open to hackers. Here are the top threats

  • Attackers target OWA for domain credentials

    Why spend time targeting Active Directory for domain credentials when Outlook Web Application is just as good -- and far easier to compromise?

  • EMV sets the stage for a better payment future

    Most merchants now have EMV credit card readers in place, yielding marginally improved security today -- and a platform for better payment systems arriving soon

  • GitHub adds hardware-based authentication for developers

    GitHub developers will now be able to log in to the code repository using YubiKey hardware keys

  • Privacy group calls for a boycott of tech companies supporting CISA

    An activist group is on a quixotic campaign to punish tech companies who support the controversial information-sharing bill

  • Why Windows 10 is the most secure Windows ever

    With Device Guard and Credential Guard, Windows enjoys unprecedented protection from malware and advanced persistent threats

  • Technology that predicts your next security fail

    There's both art and science to predictive analytics in a security setting, early adopters say.

  • Reports of attacks on the Department of Energy raise alarms

    The power grid may not be in immediate danger, but that doesn't mean the threat to critical infrastructure isn't there

  • Extortion or fair trade? The value of bug bounties

    Vendors without bug bounty programs risk the wrath of the infosec community, but such programs must be constructed carefully to yield optimal outcomes

  • Three key challenges in vulnerability risk management

    Vulnerability scanning provides visibility into potential land mines, but often just results in data tracked in spreadsheets and independent remediation teams scrambling in different directions. It is time to change from a “find” mentality to a “fix” mentality. Here’s how.