How to choose and harden your VPN: Best practices from NSA & CISA
These five best practices will steer you on course for choosing and hardening your VPN.
Topics
Top tools for password-spraying attacks in active directory networks
Learn how password spraying attacks work, how popular tools are used within this context and how to defeat these kinds of attacks.
NPK: Free tool to crack password hashes with AWS
Find out why an NPK can be a beneficial tool when it comes to password cracking in penetration testing.
How ethical hacking and pentesting is changing in 2022
The cloud and new web applications are changing the world of ethical hacking and penetration testing.
Ransomware penetration testing: Verifying your ransomware readiness
Find out how well you might do with ransomware pasted on your penetration testing skills.
How to find the perfect security partner for your company
Not all advisors are created equal, so you’ll want to choose carefully and consider a variety of factors.
Security gives your company a competitive advantage
When you properly secure your software system and then can prove it, you obtain a competitive advantage that helps you earn trust and win sales.
10 best security awareness training vendors in 2022
Find the best security awareness training provider for your organization with this breakdown of current top security awareness vendors.
How to hack two-factor authentication: Which type is most secure?
Find out how Two-factor authentication (2FA) and multi-factor authentication can help you with your online security.
For 2021 Infosec Scholarship winner Olivia Gallucci, proof that it is never too early to follow your passion
Olivia Gallucci, a 2021 Infsec Scholarship Winner, will continue to explore her passion for cybersecurity, technology and free and open-source software.
Hugh Shepherd: A career defined by service, persistence and growth
Hugh Shepherd is one of the 2021 Infosec Scholarship winners, demonstrating how far the right attitude and drive for professional growth can take you.
11 phishing email subject lines your employees need to recognize [Updated 2022]
53% of organizations reported a phishing-related breach. Here are the top phishing email subject lines your employees should be able to recognize.
Consent phishing: How attackers abuse OAuth 2.0 permissions to dupe users
What is consent phishing? How are cyberattackers using a standard protocol, OAuth 2.0, to gain access to user data even if it is robustly protected?
iOS forensics
Day by day, smartphones and tablets are becoming ever more popular, and as a result, the technology used in development to add new features or improve the security...
Kali Linux: Top 5 tools for digital forensics
There are many tools available from Kali Linux. These are the five most popular tools for digital forensics work.
Data protection Pandora’s Box: Get privacy right the first time, or else
Learn about data protection practices that will help you keep your data safe.
Privacy dos and don’ts: Privacy policies and the right to transparency
Transparency is essential for privacy. Find out the top things you can do right (and wrong) when it comes to privacy policies.
Cybersecurity Weekly: Novel phishing trick bypasses filters, Costa Rica declares a national emergency and an electronic cybercrime evidence swap.
A new novel phishing trick used to bypass spam filters, a national emergency in Costa Rica due to Conti ransomware, and US agrees to an international electronic...
Cybersecurity Weekly: Avoiding P2P payment scams, GitHub 2FA requirements, Tech giants committing to eliminating passwords
How to avoid falling victim to new P2P payment scams, GitHub announces 2FA requirement for code contributors, and tech giants such as Apple, Google and Microsoft...
Kali Linux: Top 8 tools for reverse engineering
These Kali Linux tools are great for offensive and defensive cybersecurity.
Stacks and Heap
Memory is a crucial resource for any system when conducting reverse engineering. Malware analysts must understand the way memory is assigned to a program.
During...
Only 20% of new developers receive secure coding training, says report
A lack of secure coding training presents a risk for your organization.
Container security implications when using Iron vs VM vs cloud provider infrastructures
Containers are popular, meaning more and more service providers are offering ways to manage container workloads, each with their own pros and cons.
Converting a PCAP into Zeek logs and investigating the data
Learn how to better understand the Zeek log file structure and how to use the logs when investigating events.
Using Zeek for network analysis and detections
Learn about how to use Zeek, a free, powerful open-source network traffic analyzer.
Dark Web hacking tools: Phishing kits, exploits, DDoS for hire and more
The demand for dark web hacking tools has reached all-time highs across the cybercriminal ecosystem during the COVID-19 pandemic.
Double extortion ransomware: Pay now or get breached
Ransomware has become a lot more sophisticated recently, and learning more about it is important to stay safe in case it happens to you.
Beginner’s guide to the basics of data encryption
Encryption is one of the best ways to protect data from being exposed due to different types of cyber incidents. Learn how it works.
Structures of cryptography
Cryptography is an important way to keep data safe. Learn about cryptography features and how cryptography works.
DevSecOps in the Azure Cloud
Explore how organizations operating in the Microsoft Azure cloud can use a vendor-prescribed architecture and dedicated security tools to adopt a DevSecOps process.
Amazon Athena Security: 6 essential tips
Learn about Amazon's popular cloud service, Amazon Athena, and how to improve visibility and control.
How will zero trust change the incident response process?
Find out how Zero Trust security affects the incident response process.
How to build a proactive incident response plan
The average cost of a data breach is now $4.24 million. A proactive incident response plan is crucial to help organizations mitigate that risk.
Android security: Everything you need to know [Updated 2021]
Android devices have a host of security risks, but updates are helping to mitigate them.
Application sideloading in Windows 10
Windows 10 security is a constantly evolving and update process. Data security in Windows 10 starts with a high encryption, using BitLocker. Access is restricted...
Microsoft Autodiscover protocol leaking credentials: How it works
Explore how the Autodiscover protocol works and why your environment might be insecure and leak passwords to the internet.
How to write a vulnerability report
Find out how to write a good vulnerability report and why it's important to do well.
Operation technology sees rise in targeted remote access Trojans and ransomware
Operation technology (OT) is one of the most overlooked segments of the IT sector that attack groups target.
Vehicle hacking: A history of connected car vulnerabilities and exploits
New cars have features that need a connection to work, like keyless entry via smartphones or in-car Wi-Fi systems, which can introduce vulnerabilities.
Genetic testing “hottest” new form of health insurance fraud, FBI warns
The FBI is finding more and more cases of health insurance fraud. Learn more about it.
Healthcare data security issues: Best security practices for virtual healthcare sessions
With more telehealth and related digital mechanisms to deliver health, healthcare data security standards are more important than ever.
IT skills advice from IDC’s IT education and certifications expert
IDC's Cushing Anderson breaks down the current IT skills landscape and how organizations can keep up as it evolves.
Managing a security awareness program: Carrots, sticks, and repeat offenders
Learn important lessons on how to optimize staff engagement with your security awareness training program from an expert panel led by Infosec.
How to use MITRE ATT&CK Navigator: A step-by-step guide
Learn how to use the MITRE ATT&CK Navigator and showcase this data in formats that can be useful in multiple scenarios.
Most common MITRE ATT&CK tactics and techniques: CISA shares most common RVAs
CISA has released a list of Risk and Vulnerability Assessments, or RVAs, to the MITRE ATT&CK Framework and have released their findings to the public...
Compromise assessment or threat hunting? What do organizations need?
Compromise assessment and threat hunting are two rising techniques of implementing network security. Figure out what your organization needs.
Deception technologies: 4 tools to help you identify threats and mitigate risks
Deception technologies have come a long way from the days when honeypots were used to analyze attacker behavior. Today’s deception tools contain advanced...
AI and machine learning career paths, trends and job prospects
Learn about the job prospects for artificial intelligence and how to prepare for a career in it.
Will a Digital Bill of Rights solve machine learning and privacy issues?
Will the Digital Bill of Rights fix the machine learning algorithm and privacy conundrum?
Decentralized identifiers (DIDs) and blockchain: The silver bullet for online privacy?
Learn more about decentralized identifiers and the role they play in keeping your privacy and data intact.
Cryptocurrency Enforcement Framework: Impacts on digital forensic investigations
A new Cryptocurrency Enforcement Framework was recently released. Learn how it may impact cryptocurrency, cybersecurity and digital forensics investigations.
Smart Toys and Their Cybersecurity Risks: Are Our Toys Becoming a Sci-Fi Nightmare? [updated 2021]
As smart toys get more advanced, they bring more cybersecurity risk with them.
Japan’s IoT scanning project looks for vulnerable IoT devices
The Internet of Things (IoT) is still a baby compared to other computing technologies, but the market has already exploded and continues to expand at a healthy...
NIST first responder guidance: Balancing mobile security with response time
The NIST 1800-13 standard describes how public safety first responder organizations can improve access to sensitive data without compromising security
Critical software security guidance issued by NIST
Explore the five best practices in cybersecurity risk mitigation for all organizations based on NIST's Security Measures for EO-Critical Software Use.
Infosec Skills May Challenge: You’re our only hope!
Join the quest for new skills, bragging rights and over $1,000 in prizes. Each month, we’ll release a brand new challenge. Can you complete it?
ICS cyber ranges: Hands-on training for industrial control system security teams
Incident response has been a pillar of cybersecurity for decades. But plans to account for the unique risks surrounding the specialized command and control...
Introduction to the DoD Cyber Workforce Framework (DCWF)
In response to the ever-changing world, including the increased focus on cyberspace as a theater of war, the US Department of Defense (DoD) decided that it...
DoD 8570 IAT certification and requirements [updated 2020]
The US Department of Defense (DoD) hosts a number of directives that set out the requirements of their workforce. DoD 8570, titled “Information Assurance...