Twitch and YouTube abuse: How to stop online harassment
Find tips on protecting yourself online as a streamer, blogger and influencer on Twitch, YouTube and more.
Topics
NPK: Free tool to crack password hashes with AWS
Find out why an NPK can be a beneficial tool when it comes to password cracking in penetration testing.
Tutorial: How to exfiltrate or execute files in compromised machines with DNS
Go through this tutorial on exfiltrating and executing files between machines using the well-known DNS protocol.
Top 6 bug bounty programs for cybersecurity professionals
The best bug bounty programs for security researchers, including objectives, bugs and the potential bounties you can earn.
Tunneling and port forwarding tools used during red teaming assessments
Learn about popular tools used during red teaming assessments.
Understanding hackers: The insider threat
Companies often think of attackers as something that comes from the outside, yet overlook the far more dangerous threat: attackers from within.
Understanding hackers: The 5 primary types of external attackers
In order to defend, it’s important to understand who the attacker is and what motivates them.
Get your ‘I’ve got this’ on – it’s Data Privacy Day!
Use January 28 as a motivator to take back control of your business and personal information. If they can't protect it, don't collect it!
Celebrate Data Privacy Day: Free privacy and security awareness resources
Practice data privacy year-round with these free resources for Data Privacy Day! Learn about data privacy best practices, data privacy careers and more.
Passion and perseverance equal success for this inspiring scholarship winner
Scholarship winner Edelia McDaniel proves that anything is possible when you work hard and stay hungry.
ISO 27001 auditing: 6 things to know about auditing training and careers
ISO 27001 is one of the most well-known security management frameworks — and a valuable skill set for auditors, managers and cybersecurity professionals.
Inside phishing data: What works and doesn’t work with employee training
Two reports explore the data behind phishing trends and the effectiveness of security awareness training. Find out what works — and what doesn't.
Consent phishing: How attackers abuse OAuth 2.0 permissions to dupe users
What is consent phishing? How are cyberattackers using a standard protocol, OAuth 2.0, to gain access to user data even if it is robustly protected?
Malware instrumentation with Frida
Learn about DBI with Frida Tools and explore some code and scripts useful during malware analysis.
Malware analysis arsenal: Top 15 tools
Here are some of the popular tools used by malware experts to defeat and reverse the most advanced and sophisticated pieces of malware
iOS forensics
Day by day, smartphones and tablets are becoming ever more popular, and as a result, the technology used in development to add new features or improve the security...
Kali Linux: Top 5 tools for digital forensics
There are many tools available from Kali Linux. These are the five most popular tools for digital forensics work.
Kali Linux: Top 8 tools for reverse engineering
These Kali Linux tools are great for offensive and defensive cybersecurity.
Stacks and Heap
Memory is a crucial resource for any system when conducting reverse engineering. Malware analysts must understand the way memory is assigned to a program.
During...
Only 20% of new developers receive secure coding training, says report
A lack of secure coding training presents a risk for your organization.
Container security implications when using Iron vs VM vs cloud provider infrastructures
Containers are popular, meaning more and more service providers are offering ways to manage container workloads, each with their own pros and cons.
Cybersecurity Weekly: Most popular phishing trends, Microsoft emergency update and a REvil ransomware sting
The most common brands imitated for phishing attempts, a new fix for Windows Server and VPN bugs and a raid on the REvil cybercrime gang. All this, and more, in this week’s edition of Cybersecurity Weekly.
Cybersecurity Weekly: Mitigating ransomware risks, new iOS privacy report and privacy predictions for 2022
Balancing people, skills & technology to reduce risk, iPhone offers new transparency into app data and predictions for 2022 privacy concerns. All this, and more, in this week’s edition of Cybersecurity Weekly.
How to use Wireshark for protocol analysis: Video walkthrough
Learn how to analyze network traffic with the free protocol analyzer Wireshark and sniffing tool tcpdump. Then try it yourself!
9 best practices for network security
Network security is important for every organization, no matter how big or small. Here are some best practices.
Dark Web hacking tools: Phishing kits, exploits, DDoS for hire and more
The demand for dark web hacking tools has reached all-time highs across the cybercriminal ecosystem during the COVID-19 pandemic.
Double extortion ransomware: Pay now or get breached
Ransomware has become a lot more sophisticated recently, and learning more about it is important to stay safe in case it happens to you.
Beginner’s guide to the basics of data encryption
Encryption is one of the best ways to protect data from being exposed due to different types of cyber incidents. Learn how it works.
Structures of cryptography
Cryptography is an important way to keep data safe. Learn about cryptography features and how cryptography works.
How will zero trust change the incident response process?
Find out how Zero Trust security affects the incident response process.
How to build a proactive incident response plan
The average cost of a data breach is now $4.24 million. A proactive incident response plan is crucial to help organizations mitigate that risk.
Securing cloud endpoints: What you should know
Let’s take a closer look at security challenges affecting endpoints in public and private clouds.
AWS security and compliance overview
Amazon offers many solutions for ensuring your environment is secure and meets many industry standard compliance frameworks. By properly utilizing tools such...
Android security: Everything you need to know [Updated 2021]
Android devices have a host of security risks, but updates are helping to mitigate them.
Application sideloading in Windows 10
Windows 10 security is a constantly evolving and update process. Data security in Windows 10 starts with a high encryption, using BitLocker. Access is restricted...
Operation technology sees rise in targeted remote access Trojans and ransomware
Operation technology (OT) is one of the most overlooked segments of the IT sector that attack groups target.
Vehicle hacking: A history of connected car vulnerabilities and exploits
New cars have features that need a connection to work, like keyless entry via smartphones or in-car Wi-Fi systems, which can introduce vulnerabilities.
Genetic testing “hottest” new form of health insurance fraud, FBI warns
The FBI is finding more and more cases of health insurance fraud. Learn more about it.
Healthcare data security issues: Best security practices for virtual healthcare sessions
With more telehealth and related digital mechanisms to deliver health, healthcare data security standards are more important than ever.
Most common MITRE ATT&CK tactics and techniques: CISA shares most common RVAs
CISA has released a list of Risk and Vulnerability Assessments, or RVAs, to the MITRE ATT&CK Framework and have released their findings to the public...
Using MITRE ATT&CK with cyber threat intelligence
The MITRE ATT&CK framework is a tool developed by the MITRE Corporation. It is designed to provide information about how a cyberattack works and the various...
Compromise assessment or threat hunting? What do organizations need?
Compromise assessment and threat hunting are two rising techniques of implementing network security. Figure out what your organization needs.
Deception technologies: 4 tools to help you identify threats and mitigate risks
Deception technologies have come a long way from the days when honeypots were used to analyze attacker behavior. Today’s deception tools contain advanced...
Your next security bug won’t even be in the software that you wrote
Your in-house developers check their software for security flaws, but the next bug might not come from them. It might come from your digital supply chain.
Security in Action Framework: Determine if an MSSP is a good fit for you
The Security in Action Framework is interactive and customizable — and the best approach to working with MSSPs to achieve better security outcomes.
Will a Digital Bill of Rights solve machine learning and privacy issues?
Will the Digital Bill of Rights fix the machine learning algorithm and privacy conundrum?
Engineering personality analysis from machine learning
From social media to eye movement to handwriting, there are numerous ways to uncover your personality traits — and for cybercriminals to exploit them.
Decentralized identifiers (DIDs) and blockchain: The silver bullet for online privacy?
Learn more about decentralized identifiers and the role they play in keeping your privacy and data intact.
Cryptocurrency Enforcement Framework: Impacts on digital forensic investigations
A new Cryptocurrency Enforcement Framework was recently released. Learn how it may impact cryptocurrency, cybersecurity and digital forensics investigations.
Smart Toys and Their Cybersecurity Risks: Are Our Toys Becoming a Sci-Fi Nightmare? [updated 2021]
As smart toys get more advanced, they bring more cybersecurity risk with them.
Japan’s IoT scanning project looks for vulnerable IoT devices
The Internet of Things (IoT) is still a baby compared to other computing technologies, but the market has already exploded and continues to expand at a healthy...
NIST first responder guidance: Balancing mobile security with response time
The NIST 1800-13 standard describes how public safety first responder organizations can improve access to sensitive data without compromising security
Critical software security guidance issued by NIST
Explore the five best practices in cybersecurity risk mitigation for all organizations based on NIST's Security Measures for EO-Critical Software Use.
Infosec Skills January Challenge: New year, new prizes
Join the quest for new skills, bragging rights and over $1,000 in prizes. Each month, we’ll release a brand new challenge. Can you complete it?
ICS cyber ranges: Hands-on training for industrial control system security teams
Incident response has been a pillar of cybersecurity for decades. But plans to account for the unique risks surrounding the specialized command and control...
Introduction to the DoD Cyber Workforce Framework (DCWF)
In response to the ever-changing world, including the increased focus on cyberspace as a theater of war, the US Department of Defense (DoD) decided that it...
DoD 8570 IAT certification and requirements [updated 2020]
The US Department of Defense (DoD) hosts a number of directives that set out the requirements of their workforce. DoD 8570, titled “Information Assurance...