A new APT, dubbed White Company, is flexing its muscle on the world stage, and it has security researchers worried.
Stories by J.M. Porup
OWASP's Broken Web Applications Project makes it easy to learn how to hack web applications--a critical skill for web application developers playing defense, junior penetration testers, and security-curious management.
Check Point researcher finds vulnerability that could have allowed attackers to spy on drone fleets in real time.
Burning malware is like Hercules fighting the nine-headed Hydra. For every head he cuts off, two more grow back in its place.
Everything is broken, and government and corporations like it that way. But when people start dying because of insecure cyberphysical systems, the overreaction from panicked policymakers could be worse than after 9/11.We need to solve this problem now, Bruce Schneier argues in his new book.
Wireshark is a must-have (and free) network protocol analyzer for any security professional or systems administrator. It's like Jaws, only for packets.
Penny-wise, pound-foolish: Letting old domain names expire might save a few bucks a year, but lets attackers register your old domain and pretend to be you.
Defenders find this simple tool valuable for finding vulnerable devices attached to the web that need to be secured.
With XSS, attackers enter malicious code into a web form or web app URL to trick the application into doing something it's not supposed to do.
A massive internet blackout similar to the Dyn DNS outage in 2016 could easily happen again, despite relatively low-cost countermeasures, according to a new study out of Harvard University.
SQL injection attacks are well-understood and easily preventable, and the priority for risk mitigation should be preventing SQL injection attacks in the first place. Listen to Little Bobby Tables and sanitize your database inputs.
Shiny buttons that go "ping!" considered harmful.
Qubes OS defends at-risk enterprise users from targeted attacks, as well as drive-by malware and the Meltdown exploit.
To few eyeballs on code is a security issue. Can FreeBSD, OpenBSD, and NetBSD survive?
Humans make irrational decisions under pressure. Security training needs to focus on changing behavior, not just raising awareness. Using effective analogies can help.