New & Notable
Problem Solve
Quishing on the rise: How to prevent QR code phishing
A monthslong quishing campaign demonstrated how cybercriminals are using QR codes to trick users. Here's what enterprise security leaders need to know.
News
DDoS attacks surging behind new techniques, geopolitical goals
A rise in massive DDoS attacks, some of which target the application layer and cause significant disruptions, might require new defense strategies from cybersecurity vendors.
News
Censys finds hundreds of exposed devices in federal orgs
Censys found exposed instances of Progress Software's MoveIt Transfer and Barracuda Networks' Email Security Gateway appliances during its analysis of FCEB agency networks.
News
ChatGPT users at risk for credential theft
As ChatGPT's user base continues to grow, Group-IB says threat actors have exploited stolen accounts to collect users' sensitive data and professional credentials.
Trending Topics
-
Data Security & Privacy News
Apple patches zero days used in spyware attacks on Kaspersky
Two Apple zero days were used in the spyware campaign Kaspersky Lab named 'Operation Triangulation,' which was initially discovered on iOS devices of Kaspersky employees.
-
Threats & Vulnerabilities News
Risk & Repeat: More victims emerge from MoveIt Transfer flaw
CISA last week said several federal agencies suffered data breaches resulting from a MoveIt Transfer zero-day vulnerability, though it's unclear what type of data was stolen.
-
IAM News
ChatGPT users at risk for credential theft
As ChatGPT's user base continues to grow, Group-IB says threat actors have exploited stolen accounts to collect users' sensitive data and professional credentials.
-
Analytics & Automation Evaluate
How AI benefits network detection and response
Interest in security tools with AI is growing as security leaders uncover AI's potential. One area that could especially benefit from AI is network detection and response.
-
Network Security News
DDoS attacks surging behind new techniques, geopolitical goals
A rise in massive DDoS attacks, some of which target the application layer and cause significant disruptions, might require new defense strategies from cybersecurity vendors.
-
Operations & Management Evaluate
The ultimate guide to cybersecurity planning for businesses
This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks.
Topics Covered
Application and platform security
Careers and certifications
Cloud security
Compliance
Data security and privacy
Identity and access management
Network security
Risk management
Security analytics and automation
Security operations and management
Threat detection and response
Threats and vulnerabilities
Featured Authors
Find Solutions For Your Project
-
Evaluate
The complete guide to ransomware
Organizations in every industry can be targets of cybercrime for profit. Get expert advice on ransomware prevention, detection and recovery in our comprehensive guide.
-
The ultimate guide to cybersecurity planning for businesses
-
How API gateways improve API security
-
Top 10 threat modeling tools, plus features to look for
-
-
Problem Solve
Plan ahead to reduce cloud forensics challenges
Laying out a detailed framework that governs how -- and how quickly -- information is shared by CSPs can help ease the problems associated with collecting forensics data.
-
Protect against current and future threats with encryption
-
How to reduce risk with cloud attack surface management
-
Addressing the confusion around shift-left cloud security
-
-
Manage
Implement zero trust to improve API security
Not all organizations have an API security strategy in place. Using zero trust in API security is one way to protect APIs and reduce their changes of being attacked.
-
How to secure blockchain: 10 best practices
-
Attack surface reduction rules for Microsoft productivity apps
-
Manage security posture with Microsoft Defender for Endpoint
-
-
E-Handbook | July 2021
Mitigating risk-based vulnerability management challenges
Download -
E-Handbook | June 2021
Security observability tools step up threat detection, response
Download -
E-Handbook | February 2021
Threat detection and response demands proactive stance
Download -
E-Handbook | January 2021
SolarWinds supply chain attack explained: Need-to-know info
Download -
E-Handbook | November 2020
Cyber insurance 101: Timely guidance on an essential tool
Download
Information Security Basics
-
Get Started
Occupational Safety and Health Administration (OSHA)
The Occupational Safety and Health Administration (OSHA) is responsible for protecting worker health and safety in the United States.
-
Get Started
phishing
Phishing is a fraudulent practice in which an attacker masquerades as a reputable entity or person in an email or other form of communication.
-
Get Started
Blockchain security: Everything you should know for safe use
Despite its reputation, blockchain is subject to many of the same vulnerabilities as other software. It helps to have a clear idea of its inherent strengths and weaknesses.
Multimedia
-
News
View All -
Network security
DDoS attacks surging behind new techniques, geopolitical goals
A rise in massive DDoS attacks, some of which target the application layer and cause significant disruptions, might require new defense strategies from cybersecurity vendors.
-
Application and platform security
Censys finds hundreds of exposed devices in federal orgs
Censys found exposed instances of Progress Software's MoveIt Transfer and Barracuda Networks' Email Security Gateway appliances during its analysis of FCEB agency networks.
-
Identity and access management
ChatGPT users at risk for credential theft
As ChatGPT's user base continues to grow, Group-IB says threat actors have exploited stolen accounts to collect users' sensitive data and professional credentials.
Security Definitions
- Occupational Safety and Health Administration (OSHA)
- phishing
- PCI compliance
- PCI DSS (Payment Card Industry Data Security Standard)
- logon (or login)
- security analytics
- NICE Framework (National Initiative for Cybersecurity Education Cybersecurity Workforce Framework)
- application blacklisting (application blocklisting)