Welcome! Here are the latest Insider stories.

More Insider Sign Out

Internet Security

Internet Security | News, how-tos, features, reviews, and videos

binary cyberattack cybersecurity hacked protected

Feature

SSRF attacks explained and how to defend against them

Server-side request forgery (SSRF) attacks consist of an attacker tricking the server into making an unauthorized request. Defending against them can be relatively easy.

browser security

Feature

New Windows browser security options and guidance: What you need to know

Microsoft has added new Edge update options and enhanced browser security modes, including a beta Super Duper Secure Mode.

Praying mantis among green leaves [camouflage/stealth]

News Analysis

APT group hits IIS web servers with deserialization flaws and memory-resident malware

Praying Mantis group is likely a nation-state actor that uses custom malware and is adept at avoiding detection.

vulnerable breach cyberattack hacker

Feature

How API attacks work, and how to identify and prevent them

Attackers know how to get around WAFs and API gateways when targeting APIs. Here's how some companies are coping with the rapid increase in API attacks.

Encrypted blocks of multicolored data cubes rolling out.

Feature

What's next for encryption if the RSA algorithm is broken?

A recent, yet to be proven paper claiming to have found a way to "destroy the RSA cryptosystem" has cryptographers asking what might replace it.

backdoor / abstract security circuits, locks and data blocks

News Analysis

PHP backdoor attempt shows need for better code authenticity verification

Attackers were able to place malicious code in the PHP central code repository by impersonating key developers, forcing changes to the PHP Group's infrastructure.

cso security hacker breach gettyimages 1134588944 by jossnatu 2400x1600px

Feature

Booming dark web gig economy is a rising threat

Experts seen a sharp increase in help-wanted ads for black hat hackers-for-hire. Here's what they are targeting and how to respond to the threat.

padlock / Domain Name System / DNS / ICANN / security

Feature

DNS over HTTPS, DNS over TLS explained: Encrypting DNS traffic

DoT and DoH provide data confidentiality with end-to-end encryption for DNS traffic, but each has trade-offs.

CSO > secure mergers + acquisitions / floating puzzles pieces / abstract security mechanisms

Feature

7 critical IT policies you should have in place

Putting a framework of IT policies that should be the foundation of every company's security plan.

How-To

How to harden Microsoft Edge against cyberattacks

Chromium-based Edge gives enterprises the opportunity to standardize on one browser. Here are the key security settings you need to know.

Email takeover > Puppeteer hands manipulating strings

How-To

How to avoid subdomain takeover in Azure environments

Active but unused subdomains in Microsoft Azure give attackers the opportunity to use them for malicious purposes. Here's how to identify and delete vulnerable subdomains before attackers do.

5 cryptography and data protection

Feature

What is cryptography? How algorithms keep information secret and safe

Cryptography is the science of keeping information secret and safe by transforming it into form that unintended recipients cannot understand. It makes secure data transmission over the internet possible.

internet web browser https / url address bar

Review

Silo for Safe Access: A more secure web browser for some use cases

Authentic8's Silo is a sandboxed web browser designed to protect users and systems from malicious code. It can be a more secure option than VPNs or virtual desktops in some cases.

A virtual checkmark in digital system / standards / quality control / certification / certificates

Security IntelligenceBy Zeus Kerravala

Why it's time to shift to extended validation certificates

More than ever, a strong organizational identity is essential for building trust with users.

A censorship label is splashed across an image of a man hiding behind his laptop.

News Analysis

TLS attacks and anti-censorship hacks

Despite safeguards in TLS 1.3, China is still censoring HTTPS communications, according to a new report. There are workarounds to this. Plus, how TLS can be used as an attack vector.

Check mark certificate in a binary tunnel / standards / quality control / certification / certifi

Feature

4 best practices for managing and tracking SSL and TLS certificates

Do you know what SSL protocols you expose to your users? Are your settings optimized for security? Have you properly deprecated older TLS certs? Here's what you need to know.

Industry 4.0 / Industrial IoT / Smart Factory / Engineer conrols robotics via tablet.

News

Protocol gateway flaws reveal a weak point in ICS environments

Research presented at this week's Black Hat conference highlights a new threat via protocol translation attacks and reveals 9 flaws found in protocol gateways from different vendors.

data keys encryption password by gerd altmann cc0 via pixabay

News Analysis

Mathematical Mesh alpha release promises better end-to-end encryption

Web pioneer proposes a new cryptographic system that relies on threshold key infrastructure to improve end-to-end encryption.

Load More

Popular Resources

White Paper

Forrester Report: Introducing the Zero Trust Edge Model for Security & Network Services
eGuide
Sponsored

Cloud security: Whose responsibility is it?
White Paper

Manufactured In-house for Enhanced Security: Here’s why it matters where your device is built
Video/Webcast
Sponsored

Be Prepared for the Unexpected - How Cyber Threat Resiliency Can Protect, Fortify, and Defend Your Endpoints
eBook
Sponsored

Container Security 101 - Understanding the Basics of Securing Containers

See All

Most Popular