Hacking

Hacking | News, how-tos, features, reviews, and videos

man in the middle phone on a string communicaiton
group of hackers in digital environment

cyber security lock padlock firewall code breach password

The OPM hack explained: Bad security practices meet China's Captain America

How the OPM hack happened, the technical details, and a timeline of the infiltration and response.

hunting and monitoring security threats

Burned malware returns, says Cylance report: Is Hacking Team responsible?

Burning malware forces attackers to evolve, not go away. Network defenders take note.

botnet bots

What is a botnet? And why they aren't going away anytime soon

A botnet is a collection of any type of internet-connected device that an attacker has compromised. Commonly used in distributed denial of service (DDoS) attacks, botnets can also take advantage of their collective computing power to...

7 safe browswer search legitimate url domains surfing the internet

Why abandoned domain names are so dangerous

Abandoned domain names are low-hanging fruit for attackers, who can use them to access sensitive email or customer data.

mobile apps crowdsourcing via social media network [CW cover - October 2015]

Why you should consider crowdsourcing IT security services

Whether you need a pentesting team, a bug bounty program, or a vulnerability disclosure plan, several crowdsourcing platforms can take the risk and pain from the process.

cockroach bug binary2

Do you need a vulnerability disclosure program? The feds say yes

The FTC and DOJ are pushing companies to provide a means for good-faith security researchers to report bugs and put effective processes in place to act on those reports.

An armored knight armor with halo and wings holds a shield, layered in Microsoft brand colors.

How Microsoft became tech’s good guy

Even if it’s doing so out of self-interest, the company has been acting as a force for good.

forensics threat hunter cyber security thumbprint

Who wants to go threat hunting?

Rob Lee talks about how he became one of the first threat hunters and how you can become one. It will take skills in IR, forensics, and security analytics.

cyber resilience shock absorber

What is cyber resilience? Building cybersecurity shock absorbers for the enterprise

Sure, you’ve prepared for attacks and breaches, but how well can core business processes function when a crisis hits?

Election 2016 teaser - Electronic voting security for digital election data

Online voting is impossible to secure. So why are some governments using it?

If you thought electronic voting machines were insecure, wait 'til you meet online voting. Dr. Vanessa Teague has twice demonstrated massive security flaws in online voting systems. Instead of fixes and support, she got official...

Election 2016 teaser - Electronic voting security

Voting machine vendor firewall config, passwords posted on public support forum

"This is gold" for a nation-state attacker that wanted to hack an election.

digital money - binary code

How to detect and prevent crypto mining malware

Hackers are placing crypto mining software on devices, networks, and websites at an alarming rate. These tools can help spot it before it does great harm.

framework metal

What is Mitre's ATT&CK framework? What red teams need to know

The ATT&CK framework allows security researchers and red teams to better understand hacker threats.

security threats and vulnerabilities

How a vulnerability disclosure policy lets hackers help you

Does your company have a vulnerability disclosure policy (VPD)? And if not, what might it mean for your security?

capture the flag hackathon face off

10 questions to answer before running a capture the flag (CTF) contest

Running your own CTF contest can build security skills and help identify new internal and external talent. Learn what types of challenges you need to include, how to make the contest run smoothly, and other logistics to consider.

ddos attack

Another massive DDoS internet blackout could be coming your way

A massive internet blackout similar to the Dyn DNS outage in 2016 could easily happen again, despite relatively low-cost countermeasures, according to a new study out of Harvard University.

artificial intelligence ai brain virtual

Is your vendor being honest about AI?

Some vendors who claim their products use artificial intelligence or machine learning technology are really using rules-based engines. Here's how to spot the lie.

03 cryptography

Why aren't we using SHA-3?

The Secure Hash Algorithm version 3 fixes flaws in the now-standard SHA-2 cipher. Here's how to prepare for a migration to SHA-3 when SHA-2 is inevitably compromised.

Load More