Internet Security

Internet Security | News, how-tos, features, reviews, and videos

browser security
Feature

New Windows browser security options and guidance: What you need to know

binary cyberattack cybersecurity hacked protected
Feature

SSRF attacks explained and how to defend against them

Praying mantis among green leaves [camouflage/stealth]
News Analysis

APT group hits IIS web servers with deserialization flaws and memory-resident malware

Praying Mantis group is likely a nation-state actor that uses custom malware and is adept at avoiding detection.

vulnerable breach cyberattack hacker
Feature

How API attacks work, and how to identify and prevent them

Attackers know how to get around WAFs and API gateways when targeting APIs. Here's how some companies are coping with the rapid increase in API attacks.

Encrypted blocks of multicolored data cubes rolling out.
Feature

What's next for encryption if the RSA algorithm is broken?

A recent, yet to be proven paper claiming to have found a way to "destroy the RSA cryptosystem" has cryptographers asking what might replace it.

backdoor / abstract security circuits, locks and data blocks
News Analysis

PHP backdoor attempt shows need for better code authenticity verification

Attackers were able to place malicious code in the PHP central code repository by impersonating key developers, forcing changes to the PHP Group's infrastructure.

cso security hacker breach gettyimages 1134588944 by jossnatu 2400x1600px
Feature

Booming dark web gig economy is a rising threat

Experts seen a sharp increase in help-wanted ads for black hat hackers-for-hire. Here's what they are targeting and how to respond to the threat.

padlock / Domain Name System / DNS / ICANN / security
Feature

DNS over HTTPS, DNS over TLS explained: Encrypting DNS traffic

DoT and DoH provide data confidentiality with end-to-end encryption for DNS traffic, but each has trade-offs.

CSO > secure mergers + acquisitions / floating puzzles pieces / abstract security mechanisms
Feature

7 critical IT policies you should have in place

Putting a framework of IT policies that should be the foundation of every company's security plan.

keyboard laptop microsoft edge logo web browser by urupong getty images 1200x800
How-To

How to harden Microsoft Edge against cyberattacks

Chromium-based Edge gives enterprises the opportunity to standardize on one browser. Here are the key security settings you need to know.

Email takeover > Puppeteer hands manipulating strings
How-To

How to avoid subdomain takeover in Azure environments

Active but unused subdomains in Microsoft Azure give attackers the opportunity to use them for malicious purposes. Here's how to identify and delete vulnerable subdomains before attackers do.

5 cryptography and data protection
Feature

What is cryptography? How algorithms keep information secret and safe

Cryptography is the science of keeping information secret and safe by transforming it into form that unintended recipients cannot understand. It makes secure data transmission over the internet possible.

internet web browser https / url address bar
Review

Silo for Safe Access: A more secure web browser for some use cases

Authentic8's Silo is a sandboxed web browser designed to protect users and systems from malicious code. It can be a more secure option than VPNs or virtual desktops in some cases.

A virtual checkmark in digital system / standards / quality control / certification / certificates
Security IntelligenceBy

Why it's time to shift to extended validation certificates

More than ever, a strong organizational identity is essential for building trust with users.

A censorship label is splashed across an image of a man hiding behind his laptop.
News Analysis

TLS attacks and anti-censorship hacks

Despite safeguards in TLS 1.3, China is still censoring HTTPS communications, according to a new report. There are workarounds to this. Plus, how TLS can be used as an attack vector.

Check mark certificate in a binary tunnel / standards / quality control / certification / certifi
Feature

4 best practices for managing and tracking SSL and TLS certificates

Do you know what SSL protocols you expose to your users? Are your settings optimized for security? Have you properly deprecated older TLS certs? Here's what you need to know.

Industry 4.0 / Industrial IoT / Smart Factory / Engineer conrols robotics via tablet.
News

Protocol gateway flaws reveal a weak point in ICS environments

Research presented at this week's Black Hat conference highlights a new threat via protocol translation attacks and reveals 9 flaws found in protocol gateways from different vendors.

data keys encryption password by gerd altmann cc0 via pixabay
News Analysis

Mathematical Mesh alpha release promises better end-to-end encryption

Web pioneer proposes a new cryptographic system that relies on threshold key infrastructure to improve end-to-end encryption.

padlock / Domain Name System / DNS / ICANN / security
Feature

DNSSEC explained: Why you might want to implement it on your domain

The Domain Name System Security Extensions provide cryptographic authentication to prevent redirection to rogue websites, but owners of many domains have yet to adopt it.

IPv6 wireless network protocol
Feature

7 points your security team needs to know about IPv6 (but probably doesn't)

The IPv6 protocol affects the security of your network even if you haven't deployed it internally. Here are the most important points every security team needs to understand about the protocol.

Load More