Network Security
Network Security | News, how-tos, features, reviews, and videos
Open-source options offer increased SOC tool interoperability
Too many security tools in your SOC, and none of them talk to each other, but new vendor-supported open-source projects might lead to greater interoperability.
Lack of firmware validation for computer peripherals enables highly persistent attacks
Vulnerabilities in unvalidated peripheral firmware such as WiFi adapters, cameras, and network interface controllers give attackers control over systems.
DDoS explained: How distributed denial of service attacks are evolving
A distributed denial of service (DDoS) attack is when attackers attempt to make it impossible for a service to be delivered, typically by drowning a system with requests for data. They have been part of the criminal toolbox for twenty...
Backdoors and Breaches incident response card game makes tabletop exercises fun
New Backdoors and Breaches card game makes it easy to build a random, realistic incident as part of a tabletop exercise.
Updated
Security software reviews, 2019: Lab tests of today's top tools
We go hands-on with some of the most innovative, useful and, arguably, best security software on the market.
Global threat groups pose new political and economic dangers
Nation-state players in Iran, North Korea, Saudi Arabia and Russia are getting new objectives and changing strategies, say experts.
Updated
Best new Windows 10 security features: Longer support, easier deployment
Here's what you need to know about each security update to Windows 10 as they roll out from Microsoft. Now updated for the 1909 feature release.
Misconfigured WS-Discovery in devices enable massive DDoS amplification
Researchers were able to achieve amplification rates of up to 15,300%. Some mitigations are possible.
New NetCAT CPU side-channel vulnerability exploitable over the network
NetCAT takes advantage of Intel DDIO technology to remotely execute keystroke timing attacks.
IoT vendors ignore basic security best practices, CITL research finds
New measurements by the CITL mass fuzzing project show just how bad things really are--and how IoT device makers could radically increase binary security with one day of engineering work.
What is a computer worm? How this self-spreading malware wreaks havoc
A worm is a form of malware (malicious software) that operates as a self-contained application and can transfer and copy itself from computer to computer.
What is a zero day? A powerful but fragile weapon
A zero day is a security flaw that has not yet been patched by the vendor and can be exploited. These vulnerabilities fetch high prices on the black market
Critical VxWorks flaws expose millions of devices to hacking
Researchers have found 11 serious vulnerabilities in VxWorks, the world's most popular real-time operating system (RTOS) that powers over 2 billion devices including enterprise network firewalls and routers, industrial controllers and...
Why the Huawei ban is bad for security
Many believe the ban on exporting U.S. technology to Chinese company Huawei could hurt American tech vendors and do little to mitigate supply chain threats.
Public SAP exploits could enable attacks against thousands of companies
A recently released exploit takes advantage of a known configuration vulnerability that persists among many on-premise and cloud SAP instances. Here's what companies using SAP should do.
Researchers warn of unpatched vulnerability in Oracle WebLogic Server
Detected scans suggest attacker are seeking vulnerable servers to target for attacks.
Gov’t warns on VPN security bug in Cisco, Palo Alto, F5, Pulse software
VPN packages from Cisco, Palo Alto, F5 and Pulse may improperly secure tokens and cookies, allowing nefarious actors an opening to invade and take control over an end user’s system.
