Security practitioners are most likely to stay at organizations that offer career development. Here are eight tips to consider as you plan your course of action.

DNS security is under serious threat from cyberattackers and domain overseer ICANN wants internet companies to do something about it.

Whether you're looking to perfect your AWS auditing skills or practice the latest cloud exploitation techniques, next month's Black Hat Asia can help you achieve your goals.

The spam campaign is being used to spread a malicious .exe file, taking advantage of a vulnerability in WinRAR which was patched in January.

As more organizations move to the public cloud and to DevOps and DevSecOps processes, the open source alternative for host-based intrusion detection is finding new uses.

Officials report an unauthorized party obtained tax return data by using credentials obtained from an outside source.

SHAREit has fixed two flaws in its app that allow bad actors to authenticate their devices and steal files from a victim's device.

From WannaCry and phishing to credential stuffing and cryptomining, attackers relied on many oldie-but-goodie attacks in 2018, according to a pair of new security threat reports.

The pairing brings Sonatype data on open source components to the Kenna Security platform.

A known vulnerability combined with a weakness in bare-metal server reclamation opens the door to powerful, high-impact attacks.

Firmware vulnerabilities provide direct access to server hardware, enabling attackers to install malware that can pass from customer to customer.

Learn how to combine Enpass and Dropbox into a perfect, cloud-ready password manager.

AI and ML are often touted as silver bullets, but real-world applications for the technology seem thin on the ground.

Botnets continue to spread to places never dreamed of a few years ago. But you can fight them off, and these tips can help.

Because many organizations tend to overlook or underestimate the threat, social media sites, including Facebook, Twitter, and Instagram, are a huge blind spot in enterprise defenses.

Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.

Ruslan Stoyanov gets 14 years in Russian prison.

HTML5 used to build persistent malware on victims' computers.

With insight from stakeholders, the politician hopes to develop a strategy to improve the healthcare industry's cybersecurity posture.

Plain-text, unencrypted passwords were sent instead of having users reset them. There was no breach, the firm claims, but how would it know?