Opsec, which stands for operations security, is a process by which organizations assess and protect public data about themselves that could, if properly analyzed and grouped with other data by a clever adversary, reveal a bigger picture that ought to stay hidden.
Stories by Josh Fruhlinger
5G networks will boost wireless throughput by a factor of 10 and may replace wired broadband. But when will they be available, and why are 5G and IoT so linked together?
A honeypot is a system designed to lure hackers into revealing their origins and techniques, and they're used by security researchers and corporate IT alike.
A full-stack developer understands the entire software stack, from the GUI front end to the database back end. However, not everyone agrees on the level of mastery needed to earn the title
Catch a glimpse of what flourishes in the shadows of the internet.
Endpoint security is focused on locking down endpoints — individual computers, phones, tablets and other network-enabled devices — in order to keep networks safe. Of course, as threats evolve, endpoint security suites must evolve as well.
The Chief Security Officer (CSO) is the executive responsible for the organization's entire security posture, both physical and cyber, and has the big picture view of the company's operational risk.
Mirai took advantage of insecure IoT devices in a simple but clever way. It scanned big blocks of the internet for open Telnet ports, then attempted to log in default passwords. In this way, it was able to amass a botnet army.
Spectre and Meltdown are the names given to a trio of variations on a vulnerability that affects nearly every computer chip manufactured in the last 20 years. The flaws are so fundamental and widespread that security researchers are calling them catastrophic.
The TLS protocol encrypts internet traffic of all types, making secure internet communication (and therefore internet commerce) possible. Here are the basics of how it works and what comes next.
From virtual bank heists to semi-open attacks from nation-states, this year has been rough on IT security. Here are some of the major cyber attacks of 2017 and what we can learn from them.
Stolen government hacking tools, unpatched Windows systems, and shadowy North Korean operatives made WannaCry a perfect ransomware storm.
The mistake that caused the Heartbleed vulnerability can be traced to a single line of code in OpenSSL, an open source code library. Here's how Heartbleed works, how it was exploited, and how to fix it if you have an unpatched server.
Stuxnet is an extremely sophisticated computer worm that exploits multiple previously unknown Windows zero-day vulnerabilities to infect computers and spread. Its purpose was not just to infect PCs but to cause real-world physical effects. Specifically, it targets centrifuges used to produce the enriched uranium that powers nuclear weapons and reactors.
Ransomware isn't new, but the last few years have seen a remarkable uptick in this particularly nasty genre of attack software. The attacks highlighted here show how it has grown from a curiosity and an annoyance to a major crisis.