Features
Features
-
Quishing on the rise: How to prevent QR code phishing
A monthslong quishing campaign demonstrated how cybercriminals are using QR codes to trick users. Here's what enterprise security leaders need to know. Continue Reading
-
The complete guide to ransomware
Organizations in every industry can be targets of cybercrime for profit. Get expert advice on ransomware prevention, detection and recovery in our comprehensive guide. Continue Reading
-
The ultimate guide to cybersecurity planning for businesses
This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks. Continue Reading
-
Blockchain security: Everything you should know for safe use
Despite its reputation, blockchain is subject to many of the same vulnerabilities as other software. It helps to have a clear idea of its inherent strengths and weaknesses. Continue Reading
-
Attack surface reduction rules for Microsoft productivity apps
Attack surface reduction rules in Microsoft Defender for Endpoint help prevent apps from launching executable files and scripts, running suspicious scripts and more. Continue Reading
-
Manage security posture with Microsoft Defender for Endpoint
Organizations need to implement security posture management to ensure their cybersecurity strategy can address malicious actions inside and out. Continue Reading
-
Vendors: Threat actor taxonomies are confusing but essential
Despite concern about the proliferation of naming taxonomies used to identify threat groups, vendors say they are crucial their understanding and visibility into threat activity. Continue Reading
-
How to use Wfuzz to find web application vulnerabilities
By learning how to use Wfuzz for web application fuzz testing, bug bounty hunters can automate vulnerability discovery. Learn more in this excerpt from 'Bug Bounty Bootcamp.' Continue Reading
-
How to become a bug bounty hunter: Getting started
Finding, exploiting and reporting vulnerabilities can be both lucrative and educational. Security researcher Vickie Li explains how to become a bug bounty hunter. Continue Reading
-
The potential danger of the new Google .zip top-level domain
How much should the average end user be concerned about the new .zip and .mov TLDs? They aren't as bad as some make them out to be, but it's still worth doing something about them. Continue Reading
-
7 ways to mitigate CISO liability and risk
Recent civil and criminal cases have brought CISO liability questions to the fore. Learn how to understand and manage personal risk exposure as a security executive. Continue Reading
-
How to implement principle of least privilege in Azure AD
Restricting users' permissions in Microsoft Azure AD to only what they need to complete their job helps secure and reduce the cloud attack surface. Continue Reading
-
How to start handling Azure network security
Before adopting Microsoft Azure, it's important to consider how to secure the cloud network. That's where network security groups and Azure Firewall come in. Continue Reading
-
Studies show ransomware has already caused patient deaths
No patient deaths have been definitively attributed to cyber attacks on hospitals, but some infosec experts say that statistical evidence shows a different, grim reality. Continue Reading
-
Where climate change and cyber attacks intersect
One session at RSA Conference 2023 focused on climate change -- a topic that is not commonly featured during cybersecurity conversations, but should be. Continue Reading
-
It's time to harden AI and ML for cybersecurity
An RSA Conference panel said that now is the time to become proactive against AI and ML adversarial attacks -- before they become more sophisticated. Continue Reading
-
How Target built its DevSecOps culture using psychology
Building a healthy DevSecOps culture isn't easy. Learn how Target used organizational psychology to get development and application security teams on the same page. Continue Reading
-
Top 14 ransomware targets in 2023 and beyond
Two in three organizations suffered ransomware attacks in a single 12-month period, according to recent research. And, while some industries are taking particularly hard hits, no one is safe. Continue Reading
-
How to use Azure AD Connect synchronization for hybrid IAM
Organizations face many challenges authenticating and authorizing users in hybrid infrastructures. One way to handle hybrid IAM is with Microsoft Azure AD Connect for synchronization. Continue Reading
-
Practice Microsoft SC-100 exam questions with answers
Use these practice multiple-choice questions, with answers, to assess your knowledge of the Microsoft Cybersecurity Architect exam. Continue Reading
-
How to prepare for the Microsoft Cybersecurity Architect exam
Before taking the Microsoft Cybersecurity Architect exam, learn about the knowledge areas covered on the SC-100 test, studying recommendations, prerequisites and more. Continue Reading
-
ICS kill chain: Adapting the cyber kill chain to ICS environments
As IT/OT convergence continues to gain traction, industrial control system security cannot be ignored. Performing pen tests based on the ICS Kill Chain can help. Continue Reading
-
An intro to the IDMZ, the demilitarized zone for ICSes
Setting up an IDMZ -- a demilitarized zone between enterprise and industrial networks -- can prevent operational environments from becoming compromised by IT threats. Continue Reading
-
Reinforce industrial control system security with ICS monitoring
Monitoring an industrial control system environment isn't that different from monitoring a traditional IT environment, but there are some considerations to keep in mind. Continue Reading
-
Why medical device vulnerabilities are hard to prioritize
Vulnerabilities in critical medical devices could lead to loss of life. But opinions are mixed on how serious the risk is to patient safety and how best to address the flaws. Continue Reading
-
Publicly disclosed U.S. ransomware attacks in 2023
TechTarget Editorial's ransomware database collects public disclosures, notifications and confirmed reports of attacks against U.S. organizations each month. Continue Reading
-
SMS pumping attacks and how to mitigate them
Online forms that use SMS can be costly to organizations if they are vulnerable to SMS pumping attacks. Use the following methods to mitigate or prevent this fraud-based attack. Continue Reading
-
Top 30 incident response interview questions
Job interviews are nerve-wracking, but preparation can help minimize jitters and position you to land the role. Get started with these incident response interview questions. Continue Reading
-
How to apply and edit Wireshark display filters
Wireshark display filters enable users to narrow the scope of a network traffic scan. Use this tutorial to apply and edit display filters to make detailed network sniffing easier. Continue Reading
-
Customize workflows with Wireshark profiles
Wireshark has a variety of uses, which is why creating multiple personalized Wireshark profiles is important. Learn about Wireshark profiles, how to share them and more. Continue Reading
-
Top benefits of SOAR tools, plus potential pitfalls to consider
To ensure successful adoption, IT leaders need to understand the benefits of SOAR tools, as well as potential disadvantages. Explore pros, cons and how to measure SOAR success. Continue Reading
-
How to create a CSIRT: 10 best practices
The time to organize and train a CSIRT is long before a security incident occurs. Certain steps should be followed to create an effective, cross-functional team. Continue Reading
-
Top incident response service providers, vendors and software
Get help deciding between using in-house incident response software or outsourcing to an incident response service provider, and review a list of leading vendor options. Continue Reading
-
Inside the PEIR purple teaming model
Want to try purple team exercises but aren't sure how to do so? Try the 'Prepare, Execute, Identify and Remediate' purple teaming model. Continue Reading
-
Understanding purple teaming benefits and challenges
Blue teams and red teams are coming together to form purple teams to improve their organization's security posture. What does this mean for the rivals? And how does it work? Continue Reading
-
Top incident response tools: How to choose and use them
The OODA loop can help organizations throughout the incident response process, giving insight into which tools are needed to detect and respond to security events. Continue Reading
-
No relief in sight for ransomware attacks on hospitals
Despite being off limits for some hackers, hospitals continue to be lucrative targets for ransomware groups because of their valuable data and higher rate of paying ransoms. Continue Reading
-
How to become an incident responder: Requirements and more
Incident response is a growth field that provides career growth options and a good salary. Here's an in-depth look at job requirements, salaries and available certifications. Continue Reading
-
Top 10 types of information security threats for IT teams
Common security threats range from insider threats to advanced persistent threats, and they can bring an organization to its knees unless its in-house security team is aware of them and ready to respond. Continue Reading
-
10 types of security incidents and how to handle them
Cyberattacks are more varied than ever. Learn the key symptoms that signal a problem and how to respond to keep systems and data safe. Continue Reading
-
How to fix the top 5 cybersecurity vulnerabilities
Check out how to fix the top five cybersecurity vulnerabilities to prevent data loss whether the problem is poor endpoint security, ineffective network monitoring or other issues. Continue Reading
-
How to build an incident response plan, with examples, template
With cyber threats and security incidents growing by the day, every organization needs a solid incident response plan. Learn how to create one for your company. Continue Reading
-
Ransomware trends, statistics and facts in 2023
Supply chain attacks, double extortion and RaaS were just a few of the ransomware trends that plagued 2022 and will continue to disrupt businesses in 2023. Continue Reading
-
How to configure Windows privacy settings with Intune
To personalize UX, Windows devices aren't shy about collecting user data. This isn't ideal for enterprise security. Discover how to lock down privacy settings with Intune. Continue Reading
-
Windows security tips for the enterprise
Securing a Windows environment is no easy feat. Read up on low-hanging fruit to quickly address, as well as top tips from two security practitioners to get started. Continue Reading
-
20 companies affected by major ransomware attacks in 2021
Between hefty ransom demands, major disruptions and leaked data, 2021 saw major ransomware activity across companies and industries. Continue Reading
-
11 cybersecurity predictions for 2023
Analysts and experts have looked into their crystal balls and made their cybersecurity predictions for 2023. Is your organization prepared if these predictions come true? Continue Reading
-
After the CISO role: Navigating what comes next
Former chief information security officers may have numerous career options available but no clear path forward. Here's how to navigate life after the CISO role. Continue Reading
-
12 types of wireless network attacks and how to prevent them
From packet sniffing and rogue access points to spoofing attacks and encryption cracking, learn about common wireless network attacks and how to prevent them. Continue Reading
-
Understanding malware analysis and its challenges
Discover what to expect in a malware analyst career, from the types of malware you'll encounter to important tools to use to difficulties that arise for those new to the field. Continue Reading
-
Why is malware analysis important?
Malware continues to plague all organizations, causing data loss and reputational damage. Discover how malware analysis helps protect companies from such attacks. Continue Reading
-
How to prevent SQL injection with prepared statements
One of the top defenses against SQL injection is prepared statements. In this book excerpt, learn what prepared statements are and how to extend their defense. Continue Reading
-
How to maintain security with an understaffed security team
Unsurprisingly, many companies function without a complete security team. Security tasks often fall to others in the organization. Here's some advice for stand-in security members. Continue Reading
-
WLAN security: Best practices for wireless network security
Follow these wireless network security best practices to ensure your company's WLAN remains protected against the top threats and vulnerabilities. Continue Reading
-
5 ways to overcome multifactor authentication vulnerabilities
Improve the resiliency of multifactor authentication by giving users more information, making default settings more secure, hiding secrets and more. Continue Reading
-
How to build a shadow IT policy to reduce risks, with template
With a shadow IT policy in place, organizations reduce security risks from unapproved applications and services that employees introduce independently. Continue Reading
-
Equipment to include in a computer forensic toolkit
Computer forensic investigators require more than software to do their job. Learn what equipment constitutes a complete computer forensic toolkit. Continue Reading
-
Advice for beginner computer forensic investigators
For those interesting in becoming a computer forensics investigator, learn about the career and what to expect, as well as why digital evidence is the most volatile evidence. Continue Reading
-
Enterprise ransomware preparedness improving but still lacking
An Enterprise Strategy Group survey found enterprises are making strides in ransomware preparedness, but work remains to prevent and mitigate attacks. Continue Reading
-
Top 10 pen testing interview questions with answers
Are you pursuing a career in pen testing? Prepare with this list of 10 pen testing interview questions and answers created by three security experts. Continue Reading
-
Top IT security manager interview questions
Are you looking for a leadership role in cybersecurity? Three security experts offer their advice on how to answer the most common IT security manager interview questions. Continue Reading
-
Why Kali Linux is the go-to distribution for penetration testing
Discover why penetration testers prefer to use the Kali Linux distribution for offensive security, from collecting useful tools together to being usable from multiple devices. Continue Reading
-
How to configure and customize Kali Linux
Learning how to use Kali Linux for ethical hacking and penetration testing? Read step by step how to configure and customize the distribution. Continue Reading
-
7 steps for implementing zero trust, with real-life examples
More than a decade since the term's inception, zero-trust security is still much easier said than done. Here's how to get started. Continue Reading
-
LinkedIn scams, fake Instagram accounts hit businesses, execs
Even the most secure business and executive social media accounts that have strong passwords and multifactor authentication are vulnerable to cloning schemes. Continue Reading
-
Top zero-trust certifications and training courses
Most organizations are expected to implement zero trust in the next few years. Learn about zero-trust certifications and trainings that can help prepare your security team. Continue Reading
-
How to prepare for post-quantum computing security
One of the biggest fears about quantum computing is its ability to break encryption algorithms more easily. Learn why and how to start making quantum security preparations now. Continue Reading
-
How to prepare for the CompTIA CASP+ exam
Are you pursuing the CompTIA Advanced Security Practitioner certification? The author of a CASP+ cert guide offers advice on how to prepare for the exam. Continue Reading
-
What is the future of cybersecurity?
Cybersecurity is top of mind for businesses and their boards amid a relentless rise in cyber threats. What does the future of cybersecurity look like? Continue Reading
-
What is data security? The ultimate guide
Dig into the essentials of data security, from must-have tools, technologies and processes to best practices for keeping data safe. Continue Reading
-
Is ethical hacking legal? And more ethical hacking advice
Is ethical hacking legal? Learn about the legality of ethical hacking, why it's important, its benefits and what organizations should look for when hiring an ethical hacker. Continue Reading
-
Ethical hacking: How to conduct a Sticky Keys hack
Physical security is often overlooked by cybersecurity teams. Learn about physical cybersecurity attacks in step-by-step instruction on how to conduct a Windows Sticky Keys hack. Continue Reading
-
Importance of enterprise endpoint security during a pandemic
Enterprises often focus greatly on communications security and less on endpoint security. Review the importance of enterprise endpoint security and best practices to implement it. Continue Reading
-
Cybersecurity lessons learned from COVID-19 pandemic
Cybersecurity lessons companies learn from the COVID-19 pandemic include having work-from-home preparations and developing disaster recovery and business continuity plans. Continue Reading
-
The importance of data security in the enterprise
Three industry experts discuss the criticality of data security in the enterprise, including the significance of data breaches and compliance regulations. Continue Reading
-
10 biggest data breaches in history, and how to prevent them
Did you know the biggest data breach in history exposed a whopping 3 billion records? Learn more about the largest data breaches and get advice on how to prevent similar attacks. Continue Reading
-
How to develop a data breach response plan: 5 steps
A data breach response plan outlines how a business will react to a breach. Follow these five steps, and use our free template to develop your organization's plan. Continue Reading
-
How to secure data at rest, in use and in motion
With internal and external cyber threats on the rise, check out these tips to best protect and secure data at rest, in use and in motion. Continue Reading
-
How to create a data security policy, with template
Are you looking to create or update your organization's data security policy? Learn about the key elements of a data security policy, and use our free template to get started. Continue Reading
-
VMDR: Inside vulnerability management, detection and response
VMDR offers automated asset identification, threat prioritization and patch management. But do companies need another vulnerability management tool? Continue Reading
-
Cyber-war game case study: Preparing for a ransomware attack
In this real-world cyber-war game case study, an exercise on ransomware preparedness helped a company discover shortcomings in its incident response plan. Continue Reading
-
4 criteria to measure cybersecurity goal success
Measuring the success of cybersecurity goals is challenging because they are components of larger goals and often probabilistic rather than deterministic. Continue Reading
-
Clearing up cybersecurity architecture confusion, challenges
There's no lack of cybersecurity frameworks, but there is a lack of resources to help small and midsize organizations build a cybersecurity architecture -- until now. Continue Reading
-
Top 7 types of data security technology
These seven types of data security technologies -- from encryption to masking -- will better protect customer and enterprise data from inappropriate and unauthorized access and use. Continue Reading
-
How to write a cybersecurity job posting
Is your organization struggling to find cybersecurity talent? Your job descriptions could be the problem. Learn how to write a good cybersecurity job posting. Continue Reading
-
How to define cyber-risk appetite as a security leader
In this excerpt from 'The CISO Evolution: Business Knowledge for Cybersecurity Executives,' learn how to define and communicate an enterprise's true cyber-risk appetite. Continue Reading
-
A 'CISO evolution' means connecting business value to security
As cybersecurity has changed, so has the CISO role. 'The CISO Evolution: Business Knowledge for Cybersecurity Executives' aims to help security leaders succeed in the C-suite. Continue Reading
-
How to find your niche in cybersecurity
It's difficult to navigate a career in cybersecurity, especially with all the varying roles. A veteran CISO offers advice on how to find your niche in the security industry. Continue Reading
-
How to determine out-of-scope bug bounty assets
What happens when a security researcher discovers a bug in an out-of-scope asset? Learn how to handle bug bounty scope in this excerpt from 'Corporate Cybersecurity.' Continue Reading
-
An enterprise bug bounty program vs. VDP: Which is better?
Creating a bug bounty or vulnerability disclosure program? Learn which option might prove more useful, and get tips on getting a program off the ground. Continue Reading
-
Publicly disclosed U.S. ransomware attacks database
Each day SearchSecurity looks for every publicly available instance of a ransomware attack in the U.S. and compiles this data into a list to keep readers updated on recent threats. Continue Reading
-
3 types of PKI certificates and their use cases
Public key infrastructure helps authenticate senders via cryptography and digital certificates. Learn about three types of PKI certificates and their use cases. Continue Reading
-
Using SSH tunneling for good and evil
Secure Shell tunneling takes the secure application protocol to the next level for bypassing firewalls and creating secure connections everywhere. Continue Reading
-
How ransomware kill chains help detect attacks
Reconstructing cyber attacks is a key step in incident response. Learn how ransomware kill chains can help security teams detect and mitigate the consequences of an attack. Continue Reading
-
How to improve cyber attack detection using social media
Social media has cybersecurity pros and cons. One benefit is that it can help improve cyber attack detection. These four real-world examples show how. Continue Reading
-
How to design architecture for enterprise wireless security
Learn about a five-phase design methodology that will help your company plan for and create an enterprise wireless security architecture. Continue Reading
-
Implementing wireless security in the enterprise
Learn how to properly secure your enterprise wireless network while considering UX, zero trust and commonly overlooked architectural mistakes. Continue Reading
-
Why using ransomware negotiation services is worth a try
If stakeholders decide to pay ransomware demands, using a ransomware negotiation service could improve the situation's outcome and lower the payout. Continue Reading
-
Apple, Microsoft, Google expand FIDO2 passwordless support
Achieving true passwordless experiences begins with companies working together to adopt standards that enable customers to use multiple devices seamlessly, regardless of OS. Continue Reading
-
Case study: Scaling DevSecOps at Comcast
Comcast's DevSecOps transformation started small but quickly gained steam, resulting in 85% fewer security incidents in production. Learn more in this case study. Continue Reading