178 Blog Posts To Learn About Information Security

Let's learn about Information Security via these 178 free blog posts. They are ordered by HackerNoon reader engagement data. Visit the Learn Repo or LearnRepo.com to find the most read blog posts about any technology.

The practice of protecting information systems from unauthorized access, use, disclosure, disruption, modification, or destruction, critical for safeguarding data in the digital age.

1. Databases and Blockchains, The Difference Is In Their Purpose And Design
There is much confusion as to what a blockchain is and its dichotomy with a database. A blockchain is actually a database because it is a digital ledger that stores information in data structures called blocks. A database likewise stores information in data structures called tables. However, while a blockchain is a database, a database is not a blockchain. They are not interchangeable in a sense that though they both store information, they differ in design. There is also a difference in purpose between the two, which is perhaps what is not clear to those who want to understand why blockchains are needed and why databases are better suited for storing certain data.

2. We reverse engineered 16k apps, here’s what we found
In Nov’16, we created an online tool to reverse engineer any android app to look for secrets.

3. Cybersecurity Tips: Vulnerability Scanners Essentials
Cybersecurity Vulnerability Scanners Essentials, OWASP ZAP, Burp Suite, Nessus, Sn1per, Metasploit, SQLMap.

4. Strengthening Cybersecurity: Breaking Down inDrive’s Bug Bounty Program
Learn how inDrive's bug bounty program strengthens cybersecurity by collaborating with white hat hackers to detect vulnerabilities and optimize security process

5. How to Protect your ERP System Against Cyber Attacks
How to protect your ERP system against cyber attacks?

6. IT Audit | Step-by-Step Guide
In 2020, an IT audit is important for all organizations. It provides insights into the business’ IT infrastructure and how it can be improved.

7. Getting Started With Digital Forensics Using the Sleuth Kit
Based on an Interpol review due to the popularity of IoT devices and an increase in cyber attacks, the digital forensics market is expected to grow to USD 9.68 billion by 2022

8. What is Secure SDLC?
Software Development Life Cycle is a framework that describes the software life cycle. Its purpose is to help build quality development processes.

9. 10 things InfoSec Professionals Need to Know About Networking
So this story stems from the fact that I’ve plopped myself into the InfoSec world from App Development and from my Sec work I’ve really seen and understood that there is a need for a greater security understanding amongst devs, and the planet in general.

10. Is Cyber Security Hard? How to Find Your Way in
Cybersecurity is a broad, changing, challenging and complex field. To get into it, go beyond application forms with the tips described here.

11. WiFi Beaconing: A Way to Save Lives via Beacon Flooding
Most of us have heard of WiFi beaconing or beacon flooding, or not? So what is it exactly and why does it matter for the purpose of this article?

12. ISO/IEC 27035: The Incident Security Incident Management Guide
We will learn about the security incident phases, security incidents response planning (IRP), and Incident Response Team Structures.

13. Attack Default SSH Username/Passwords Using Metasploit
This is a quick tutorial for using Metasploit to attack default user names and passwords in our lab environment.

14. Cracking the SANS GSEC Certification
The SANS GIAC Security Essentials (GSEC) certification is for anyone working in the field of Information Security.

15. What Is White-Box Cryptography?
White-box cryptography combines methods of encryption and obfuscation to embed secret keys within application code. The goal is to combine code and keys in such a way that the two are indistinguishable to an attacker, and the new "white-box" program can be safely run in an insecure environment.

16. What Is the GIAC Penetration Tester (GPEN) Certification?
You need to ensure your resources are put to the best use. With that in mind, it is important to know more about what the GIAC Penetration Tester Certification

17. How To Analyse and Visualize DMARC Reports using Open-Source Tools
Sending mail might sound easy, but to avoid getting your mail caught in spam filters, and to prevent others from sending spoofed email in your name, you need to employ different preventive methods. One such method is DMARC, which allows domain administrators to apply policies with regard to email authentication. You also have the possibility to get reports sent to you with the results of the applied policy.

18. CISSP Preparation Guide: What to Do and What Not to Do
This article provides tips and support for those interested in preparing for the Certified Information Systems Security Professional (CISSP) exam.

19. Insight Into TCP/UDP, Network Vulnerabilities and Defense Approaches
This article provides the network vulnerabilities and defense approaches, with a focus on all the TCP and UDP ports, Port vulnerability, and learn more about Windows, Linux server operation guide.

20. Phone Scams: What Is Vishing And How You Can Avoid It
The attack combines a one-on-one phone call with credible-looking phishing sites where the user is required to fill in their credentials and their MFA codes.

21. Factors to Consider in Crafting Effective Security Awareness Training
Discover key factors for crafting effective security awareness training. Enhance your organization's security with these essential insights.

22. Penetration Testing And Vulnerability Scanning
Dive into the realm of cybersecurity with our in-depth exploration of vulnerability scanning and penetration testing. Uncover the nuances, security issues, and

23. Why You Should Avoid Using Public WiFi
Why You Should Avoid Using Public WiFi

24. VPN Leaks that Threaten Your Online Privacy Daily
According to research by GlobalWebIndex, in 2018, around 25% of Internet users have used a VPN service. There are several reasons for this spike in popularity, which you can read about in my previous article. One of the main reasons is the ability to bypass geo-blocks and gain access to, for example, a full Netflix library.

25. How do Hackers Hide Themselves? - A Guide to Staying Anonymous Online
The world has always been fascinated with Hackers. In this video, we’ll learn about how they hide themselves online.

26. Password Security And Thoughts On Authentication Methods
We use passwords to access personal information and user accounts. With so many applications requiring passwords (e.g. online banking, shopping and social media just to name a few), it can be hard to track and at worst remember. Some applications require users to change their passwords every so often, and that can lead to users forgetting them or getting careless by writing down their password on a piece of paper. That piece of paper can later be misplaced which can lead to worse things. The problem with requiring frequent password changes and applying complexity to passwords is that it can become more complicated for users.

27. A Guide to Understanding the Job Roles & Selecting Your Career in Cybersecurity
This article covers the top 20 job roles available in the Cyber Security domain along with the job description in a simplified way.

28. Understanding the PBKDF2 Algorithm With a Java Service Example
Learn how the PBKDF2 algorithm strengthens the security of passwords by creating cryptographic keys for cryptographic operations like encryption.

29. Google Dorking: A Hacker’s Best Friend
Learn the basics of Google Dorking and how to use simple search tricks (dorks) to uncover hidden data, admin pages, and more through powerful Google searches

30. MITRE Pushes to Launch New Insider Threat Framework
Insider threats are a problem as old as time. So why are we still not so great at dealing with them?

31. What is BGP Hijacking and How Do You Prevent It?
BGP, which stands for Border Gateway Protocol, is a path vector routing protocol that is used to connect external organizations to each other.

32. CSMA is More Than XDR — An Introduction to Cybersecurity Mesh Architecture
Just consider how many service providers and models are in the picture. Therefore, it is time for a new and better approach — Cybersecurity Mesh Architecture.

33. A Beginner's Guide to Technical Email Security Controls: Understanding SPF, DKIM, and DMARC
It wouldn’t be technology without even more acronyms! In today’s version of Buzzword Soup, let’s take a look at SPF, DKIM, and DMARC, and how they may help stop the phishing scourge plaguing our inbox!

34. Unlocking the Power of Expert Red Teams: How to use Atomic Red Team (ART) to Think Like an Attacker

35. Signal Protocol — Open Source, Private, Encrypted Mobile Messaging App
Signal doesn’t store any personal data and is highly transparent about their work because they are an open-source organization rather than a corporation.

36. Some of the Most Common Security Vulnerabilities and Fixes
So, which security vulnerability types may be exposing your system to cyberthreats at this very moment? How do vulnerabilities appear? And how can we mitigate?

37. Clickjacking Attacks: What Are They and How to Prevent Them
Clickjacking refers to any attack where a user is tricked into clicking any unexpected web element unintentionally. It is a malicious practice in which the attacker tricks a user to click on another webpage who actually clicks on another page. This technique is mostly used for websites or web pages by overlaying malicious content over a trusted webpage or by placing a transparent element or an entire page over a visible one.

38. Cyber Security vs Information Security
Both cyber and information security are linked by the core discipline of security, and overlap between the two but we need to recognise the difference.

39. How to Use a Zero-Trust Model to Secure Hybrid Workers
At its core, zero-trust security assumes that every network, device, and user is compromised until it can be proven otherwise.

40. Cybersecurity Basics, Tech Education and Market Review
Cybersecurity is the protection against cyberattacks from devices linked to the Internet, such as hardware, computer software and data.

41. Common Attack Vectors that Authentication Services are Faced With
Hacking user accounts on many websites is still easier than it could and should be. This blog post helps you secure your application against identity theft.

42. From Passwords to Passwordless Authentication
Passwordless authentication is gradually replacing the password-based authentication practice. The CIA triad of Cybersecurity is changing rapidly. Learn how.

43. Explaining Info-Sec in Layman's Terms [Part II]
The reality of modern information security in enterprises around the world explained in layman's terms for the uninitiated to understand and visualise.

44. Data Brokers and You: The Invisible Trade of Personal Information
Data brokers are companies or individuals that collect information from a variety of sources, such as public records, purchase histories, and social media.

45. Implementing Zero Trust Security
At its core, Zero Trust is an intuitive concept: assume that every device, user and network is compromised until proven otherwise.

46. GenAI Incident Severity Matrix: Custom Scoring Model for Cybersecurity Response
GenAI is an integral part of modern tech stack and responding to GenAI infrastructure requires a new approach

47. Why the SUNBURST Incident is More Alarming than the FireEye’s Hack
Why the SUNBURST incident is more alarming than the FireEye’s hack.

48. Kraken Delists Monero: Here's Why The Future of Privacy Coins Are Under Attack
Kraken delists Monero (XMR) in the EEA due to regulatory pressures, spotlighting the challenges privacy coins face under stricter EU crypto rules.

49. What Could Have Prevented 2020's Massive Twitter Hack?
Attacks and account take-overs like the recent Twitter hack are completely avoidable. Enterprises must implement biometric multi-factor authentication to ensure that only the right users have access to the right systems at all times. If they don’t, users will continue being vulnerable to hacks and scams.

50. CVE-2022-31705: Bridged Creek Vulnerability Report
Information on the CVE-2022-31705 critical sandbox escape vulnerability announced by VMWare.

51. A Beginner's Introduction to Database Backup Security
With more companies collecting customer data than ever, database backups are key.

52. How to Optimize Your Salesforce Security
Companies implementing Salesforce’s internal security solutions may find their customizations limit visibility into the risks that can impact other processes.

53. Kerberoasting Attacks Surge: CrowdStrike's 2023 Warning
Explore the 583% rise in Kerberoasting, as CrowdStrike's 2023 report highlights this growing cyber threat exploiting Kerberos protocol vulnerabilities.

54. What is Runtime Application Self-Protection
What is Runtime Application Self-Protection? Know how RASP is capable of controlling app execution, detecting & preventing real-time attacks.

55. Why Zero-Day Attacks are so Dangerous and How to Stop Them
Cybersecurity is becoming an internal and important part of a business's functioning as more and more enterprises are going online with their businesses.

56. In 2019, Securing Data Is No Easy Task. Clickjacking- A Case Study
This article is about my journey to understand the current practice of de-anonymization via the clickjacking technique whereby a malicious website is able to uncover the identity of a visitor, including his full name and possibly other personal information. I don’t present any new information here that isn’t already publicly available, but I do look at how easy it is to compromise a visitor’s privacy and reveal his identity, even when he adheres to security best practices and uses an up-to-date browser and operating system.

57. The SIM Swap Attack: Addressing This Identity Fraud Problem
The SIM-Swap Attack makes use of customer support in the telecom service provider’s system. Here are Prevention and Mitigation Methods against Sim Swap Attacks.

58. A Guide to Authentication Methods
Staying safe on the internet has grown harder over the past few years as both technology and hackers have developed. Recently though, hackers are gaining an edge by not just manipulating the tech, but by manipulating the users themselves. In 2018, weak or stolen passwords were tied to over 80% of security breaches and in 2019, there were over 150,000 security incidents and nearly 4,000 confirmed data breaches. In 2020 alone, more than 15 billion stolen credentials were up for sale on the dark web. All this data points out the fact that our current way of protecting data is flawed, but making a new way to protect it while still maintaining security and convenience is a high mark to hit.

59. What You Should Learn Before Learning Cybersecurity - Updated 2022
Have you been looking to learn Cybersecurity but you’re unsure where to start from? Here’s a great guide on where to start!

60. Your SaaS User Communications: Don't Overlook the Security Issues
In this article, we cover why you should look closely at how secure your customer communications are and implement strict security measures for emails, push not

61. Discussing Web3 Security with Forta Ecosystem Lead Andrew Beal
A conversation with Andrew Beal, the spokesperson of Forta, on Web3 security, the rise in DeFi hacks, and where blockchain protocols are going wrong.

62. To All My Friends: Don’t Be An Idiot or Passive With Your Online Privacy
Complacency with privacy invasion has become our 6th sense. Handing over the intimate details of our lives to corporate and government stooges has become a virtue and civic duty. It should come as no surprise that, even for a society dripping with tech-savviness, the average person would rather their government act than to take action themselves. According to Pew Research:

63. Best Practices for Securing Cloud Environments Against Cyber Threats
Secure your cloud environment with best practices like data encryption, IAM, regular audits, and Zero Trust to protect against cyber threats and data breaches

64. 7 Best DevOps Security Practices: DevSecOps and Its Merits
DevOps has transformed the way operational engineers and software developers reason. Gone are the days when a code was written, implemented, and managed by operations. The DevOps model has remodeled the system of product and application production. As a result, faster results have become the pinnacle of delivering at the speed which the market demands.

65. Why your Company Needs a Virtual Chief Information Security Officer
Why should your company hire a virtual CISO to increase security?

66. 5 Popular Professions in Cybersecurity
Cybersecurity jobs are valuable in 2022 because of an increased number of hacks. Among the top cybersecurity jobs are anti-fraud analyst and reverse engineer.

67. CVE-2022-42856: Adjoining Splittail Vulnerability Report
A look at CVE-2022-42856, reported by Apple as a vulnerability under active exploitation.

68. "Vibe Hacking" and the Rise of the AI-Augmented Attacker
AI is helping attackers level up. Here’s how phishing, recon, and exploitation are evolving and why outdated defenses won’t cut it anymore.

69. 5 Best Free Trial VPN Services in 2023
Trying to find the best VPN can be a daunting task, especially when there are so many to choose from. While free VPNs might seem like an easy way to dive into better security and bypass content locks, many of them are also likely to steal information and leave users in worse spots than they already were. Not every free VPN does this, but those wishing to truly be secure online will be much more comfortable with a paid service. Luckily, some of the best VPN services come with a free trial, and users would do very well to take advantage of them.

70. Why Vulnerability Detection is Important in the IT Space
A look at why vulnerability detection is important in the IT space

71. Awareness Is Not Understanding: The Missing Link in Cybersecurity Awareness Campaigns
The only way to make cybersecurity awareness campaigns effective is for users to understand the consequences and see that they have skin in the game.

72. Understanding & Recognizing Different Cyber Threats: What to Look Out For
This article will dive into understanding & recognizing some cyber threats. It will not cover every example for each attack or every attack.

73. How Blockchain Relates to the Byzantine Generals Problem [One Minute Explanation]
Before we can understand how the Blockchain works, we need to understand the problem it is trying to solve.

74. The ZEE5 User Data Leak That The Media Didn't Report On
In an exclusive story reported on my blog about a month ago and on no other mainstream media outlet, credentials of some 1,023 Premium accounts were found floating on the web. These user accounts belong to the popular video-on-demand streaming service, ZEE5.

75. AI's Growing Role in Cybersecurity
Learn how AI is transforming cybersecurity through enhanced threat detection, automation, and its future potential alongside human expertise.

76. How You Can Use Pepper to Further Secure Encrypted Passwords
We already understand the importance of encrypting passwords before saving them in the database.

77. Cyber Security: A Guide on Choosing a Reliable Service
Nowadays, Cyber security is a trending topic around the globe. It has become a necessity for every business with the growing cyber threats.

78. Artificial Intelligence is No Match for Natural Stupidity
A Lazy Introduction to AI for Infosec.

79. Viewing K8S Cluster Security from the Perspective of Attackers (Part 2)
This article will continue to introduce attack points on K8S Cluster security.

80. 6 Skills You Need to Succeed In Cybersecurity
Cybersecurity is the most popular career skill these days. With the right skill set one can easily become a cybersecurity expert and secure a high-paying job.

81. The What and Why of Tokenomics
Do you find the concept of tokenomics a bit strange? Learn about the meaning and importance of tokenomics in this article.

82. Unlocking the Future of Web3: COTI's Ambitious Plan for Privacy-Centric Ethereum L2
COTI V2: Navigating the Web3 Frontier – A Saga of Privacy, Collaboration, and Digital Commerce Revolution

83. Is Excel a Security Risk?
Is Excel a security risk? This guide shows why some people have concerns with using this spreadsheet software for sensitive information.

84. Guide to Risk Assessment Management and ISO/IEC 27002/27005
The goal of risk management is to identify the potential problems before they emerge. Usually, they occur unconditionally. It helps the IT managers to balance the CAPEX/OPEX costs in the organization and also take protective measures and gains much control power.

85. Why Do We Need Decentralized Finance?
Decentralised finance has been considered as an important vertical application of blockchain technology.

86. Smart Cities: Cybersecurity in the Era of IoT
A smart city is representative of urbanization in the digital world. The infrastructure of smart cities is built on embedded Internet of Things (IoT) technology. The smart city promises new opportunities and growth in the urban world. These opportunities include better connectivity, productivity, agility, and innovation. However, it is a known fact that with opportunities come challenges.

87. Understanding What Security Testing Is & Its Importance with The Top Tools and Key Principles
In this article, we will explore what security testing is, the top tools for security testing, and the key principles of security testing.

88. Changes and Trends in DeFi Security
Ever since it emerged in mid-2020, DeFi has been a major trend in the cryptocurrency industry, which was (and still is) quite understandable. It brought a way to make money passively, it enabled loans that you can get in exchange for providing collateral, but most importantly, it allowed you to use your existing money to make more money, without the risks that accompany crypto trading.

89. What I learned About Cybersecurity after becoming an ISSAP®
Being a great security professional is not just about how excellent your technical skills. It would be best if you were particular about the choices or suggesti

90. The Blockchain Is Not Dead
How and why the blockchain should be placed front and centre of the secure software supply chain and why it is more useful than some people may think.

91. I Hacked My Coffee Shop and Accessed My Data: Hacking Your Application May Be Easier Than You Think
I noticed a suspicious behavior on the weekly email from my coffee shop's subscription; it was offering I edit my preferences directly through a dedicated link.

92. How Proxies & Browsers Are Meant to Work Together
Proxies can be used for an IP covering, but other distinguishing features need something more. And all this because of a digital fingerprint revealing us.

93. The Journey into Digital Forensics: Exploring Career Opportunities (Revealing Insights)
Explore career opportunities in Digital Forensics and Incident Response. Learn about the skills, training, and roles in this critical cybersecurity field.

94. Meet the CyberSecurity Analyst Who Also Loves Trying Out Food Recipes
I write about what keeps businesses secure and profitable and provide advisory to decision makers.

95. Explaining Info-Sec in Layman's Terms [Part I]
Understanding the common keywords used in the info-sec industry that are used in conjunction with that complicated OWASP Top 10 WAST

96. LDAP Injection Vulnerability, Explained
LDAP or Lightweight Directory Access Protocol is a methodology designed to read data in a directory, file or device. This is actually a directory access service which, for instance, can be used to provide information about a user who is trying to login as part of a single-sign-on, SSO process.

97. [Relationship between Privacy and Information Security and the Role of Government](https://hackernoon.com/relationship-between-privacy-and-information-security-and-the-role-of-government)
GDPR reshaped healthcare data governance — but compliance remains inconsistent. Here's what eight years of research shows.

98. Here's Why Your UEBA Isn’t Working (and How to Fix It)
Traditional UEBA can't catch modern threats. Learn how AI-powered behavioral analytics detects sophisticated attacks instantly without months of training.

99. Are You Prepared to Respond to Advanced Security Incidents?

100. 3 Security Mindsets for Engineers, Consultants and Architects
Describing a security mindset generally is impossible to be practical at the same time. To handle that, I would like to put your mind into 3 roles.

101. 10 Reasons to Get Your Cybersecurity Certification
The set of skills that are mostly expected by the employers can be gained by the cybersecurity certifications, it will prepare you for the diversity needed in the sophisticated areas of cybercrime. So, here are the top compiling reasons for you to pursue the additional cybersecurity credentials.

102. 5 Ways to Add Security to Excel & PDF with .NET Document APIs
Learn how GcExcel helps to ensure your application’s code security in these 5 ways!

103. Creating a Secure Mobile App: Main Vulnerabilities and Security Practices
There are 2.87 million apps on the Google Play Store. It’s the responsibility of the app owner to make sure that all the data use properly.

104. 5 Reasons Why VPNs are not Safe in 2021
All good things must come to an end, which may be true for the VPN in 2021. VPNs have been a useful enterprise tool for companies since they started in the 90s,

105. How to Create an Effective Incident Response Plan
When it comes to security incidents, it’s not a question of if, but when they will happen. 80% of organizations say that they have experienced some kind of cybersecurity incident in the last year. With this in mind, it’s essential to have a security incident response plan in place before you need one.

106. 6 Tips for Improving Cybersecurity in the Workplace
In this post, we'll cover some fundamental and practical ways to boost workplace cybersecurity.

107. Free Extension To Scan Go Vulnerabilities in Visual Studio Code
If you’re a Golang developer using Visual Studio Code, keeping at-risk Go Modules out of your apps just got easier, and for free.

108. How Security Engineering is Changing the Cybersecurity Industry
In this piece, I will expand on one of the trends related to this transformation - namely the rise of security engineering.

109. A Free Beginner’s Guide to DNS Security for Work From Home (WFH)
Working at home does not mean compromise on security. All in all, it’s necessary to take decisive steps to enforce and sustain DNS protection measures.

110. How Should Companies Build a Robust Cybersecurity Culture?
In the modern age of information and technology, there’s not a single individual or organization that would object to the tightening of cybersecurity within an enterprise.

111. Database Anonymization: the Basics
Explore the database anonymization process from scratch. Who needs it, and what do we gain? What is anonymization in simple terms? An example of anonymization.

112. Top Penetration Testing Companies and Tools
Penetration testing, or 'pen tests' as they are colloquially known, basically consist of a hack or cyber-attack on one's system.

113. AI's Invisible Eye: Your Privacy on the Line in the Digital Age
Explore the intricate relationship between AI and privacy, the potential threats posed by AI, and how we can navigate this complex landscape.

114. SAIS-GRC Framework: Establishing Trust and Enhancing Resilience in AI-Driven Supply Chains
The SAIS-GRC Framework is not a reactive measure but a blueprint for a new competitive advantage.

115. How to Keep Mission-Critical Business Data Secure in the Mobile Age
Andrew Nichols | Protecting Mission-Critical Business Data in the Mobile Age

116. [How to Write GRC Documentation That Non-Technical Stakeholders Actually Understand](https://hackernoon.com/how-to-write-grc-documentation-that-non-technical-stakeholders-actually-understand)
Stop treating GRC as a paperwork exercise. Learn how to refactor dense NIST CSF and ISO 27001 frameworks into actionable, human-readable documentation that deve

117. Using Macros and Emulation Voodoo to Solve a Crackme
This time I’m tackling this beautiful crackme, the third of the series. To solve this we will use radare2’s macros and unicorn emulation. Let’s jump right in!

118. Privacy and Security, Though Distinct Concepts, Are Interdependent
Security & Privacy are often confused, but are distinct. It’s important that we understand the difference so that we can protect ourselves

119. How The Hotstuff Protocol is NOT Secure?
Each participant stores a tree of pending commands locally, in addition to the state variables viewNumber (starting at 1, stores the highest QC it voted to pre-commit), and prepareQC (starts at nil), lockedQC (starts at nil, stores the highest QC it voted to commit). When a “new-view” or round starts, a public function determines the leader from the current participants.

120. Detecting & Preventing Insider Threats To Your Company: An Overview
It’s commonly understood that the greatest risk to any organization comes from the insider threat, no matter which industry or sector you work in.

121. 132 Stories To Learn About Information Security
Learn everything you need to know about Information Security via these 132 free HackerNoon stories.

122. Beyond Phishing: How Agentic AI Is Weaponizing the Human Element in Next-Gen Cyberattacks
Security expert analyzes how Agentic AI moves beyond simple phishing to autonomously exploit the human element.

123. Understanding The Importance of SOC2 Compliance for Data Centers
Businesses rely on Data Center SOC2 Audit Reports for critical business decisions concerning outsourcing services. It helps customers build a sense of trust.

124. How to Keep OpenSSL Updated in an Enterprise Environment
Outdated systems can leave us vulnerable to bad actors. Zero-day exploits are common with just about every system that exists. If we do not upgrade regularly, we leave ourselves at the mercy of black-hat hackers who regularly take advantage of any out-of-date application they can find. This is equally true with OpenSSL as with anything else.

125. Helpful Strategies to Combat WhatsApp Security Threats
In the previous year, a security flaw was found in the WhatsApp desktop version. It allowed cyber-crooks to push malware or deploy codes by using harmless messages.

126. Practical Feedback on Using Machine Learning in Information Security
Discover how AI/ML and information security teams combat bad actors using strategies like IP/User/Token-based rate limiting, CAPTCHA challenges, and more.

127. Insider Threats: Unmasking the Foe Within Your Organization
Insider threat is a reality, but so are ways to prevent and mitigate it.

128. Prioritize Vulnerabilities Using Budibase — No Costly Tools Needed
A customized strategy for prioritizing vulnerabilities on the Budibase platform.

129. Protecting Your Company from Growing Risks of Software Supply Chain Attacks
Software supply chain attacks are an emerging threat in the cybersecurity world. How can you protect your company against these attacks? Find out here.

130. Online Identity Theft: Learn How To Combat It
Risk of becoming a victim of information theft and even online identity theft. In this article we help you find out how to stay safe

131. IoT Security Challenges and Risk Mitigation Strategies
The Internet of Things plays a key role in digital transformation. However, in many cases, organizations realize that they already have a large fleet of legacy

132. Does Anonymization of Data Guarantees Privacy?
Anonymization of data isn’t enough to guarantee privacy

133. Why 85% of People Reuse Passwords Against Expert Advice
Traditional password advice is technically correct but practically impossible. Analysis shows 85% reuse passwords due to cognitive overload.

134. 5 Reasons Why Enterprises Need Zero Trust Security
The notion of “Zero Trust” has been around since the 90s. But, the Zero Trust security model was first coined by John Kindervag to describe stricter access control management and cybersecurity programs, in 2010. Meaning that infinite trust is diminished from all computing infrastructure, and Zero Trust is grounded on the idea “trust none, verify all”.

135. Digital Combat: A Guide to Cyber Warfare and CyberTerrorism
Cyber warfare and terrorism are distinct yet interrelated concepts that have gained increasing relevance in the contemporary digital age.

136. How We Built an M&A Security Playbook: From Due Diligence to Penetration Testing
A practical, 3-phase framework for running security assessments and pen testing during M&A - built from real acquisitions, not theory.

137. Securing SaaS Ecosystems: Atmosec's Quest for HackerNoon's Crown
Atmosec: Securing hyperconnected SaaS ecosystems. Innovative platform for SaaS security. Get to know more about us in HackerNoon's Startup of the Year awards!

138. Ensuring Security: A Guide for Web and Mobile Application Development
Authentication and authorization for modern web and mobile applications are a key part of most development cycles. This story outlines some considerations.

139. An Introduction to Malware Analysis
Malicious software (Malware) are either programs or files that are intended to cause harm to a system and thereby its user.

140. Prioritising Security Vulnerabilities with CVSS 3.1 [An Overview]
With thousands of security vulnerabilities reported each month in products ranging from hardware devices to firmware to popular software apps, how does one prioritise what needs the most attention? From a business and project management perspective, it makes sense to, first and foremost, allocate engineering and/or risk assessment resources to the most severe vulnerabilities that need immediate patching.

141. Guide to Information Security for Digital Nomads
A practical security guide for digital nomads in 2025 — how to protect your devices, data, and identity while working remotely around the world

142. A Growing Necessity for Cybersecurity
Businesses and personal users alike, cybersecurity is a growing necessity. With the increase of breaches, cybercrime, and more sophisticated hackers in this world, it is more important than ever to ensure that your data and network are secure and safe from criminals. If you are a business, then you likely have a dedicated IT team that helps ensure the safety of the data and network at your business, but it is important for you to understand what needs to be done so you can better direct your IT department. If you are a personal user, never believe that your data and online security is not valuable, as it most often is just as valuable as your physical possessions. Just as there are steps to prevent intestinal permeability, there are steps that can be taken to prevent someone from hacking your information.

143. When Data Integrity Becomes the Ultimate Target
As cyber threats evolve, data integrity emerges as the ultimate prize. Learn why protecting truth is the future of security.

144. The JBS Foods Cybersecurity Incident
After the colonial cyberattack, cybercriminals targeted JBS food supply which resulted in an adverse impact on the IT infrastructure of the company.

145. Data Analysis Applied to Auto-Increment API fields
This article discusses the security risks of using auto-increment fields in API responses and methods to prevent data leaks and protect business metrics.

146. The Principles of Information Engineering on the Internet
I envision that the future of Internet, Cyber Laws, Info Security & Governance will be very closely based on these ideas… Information Engineering Principles

147. You’ve Learned to Break Wi-Fi. Now Learn to Lock It Down.
A practical guide to Wi-Fi hardening using strong passwords, entropy, OpSec and key router safeguards for a safer, more resilient network.

148. What Cybersecurity Professionals Can Learn From The Works of Edgar Allan Poe
The Philosophy and Poetry of Cybersecurity Writing using Edgar Allan Poe as an example.

149.
How to Make Your Own and Free Backup ApplicationIn our age of rapidly developing technologies, data loss can be a disaster not only for large corporations, but also for the average user, showcasing the immense importance of backup and data recovery in today’s data driven world.150. Reviewing the Security Posture of Web Session Management With WiresharkEvaluating the security posture of the WEB session management and distinguishing common attack patterns and vulnerable conditions.151. 3 Steps to Help Advance Your Cybersecurity CareerI've spent more than 15 years building and leading cybersecurity programs at several Fortune 500 companies in the Financial Services industry. I'm also the Founder & Managing Principal of Fraction Consulting where I get to do fractional CTO & CISO work and advise private capital firms.152. Phishing: Top Threat to Our Online SecurityPhishing is a cheap technique for hackers to steal the victim’s data. Now I am telling you because it really happened to me. It took my most online privacy.153. Hide an Admin User on Cisco IOS (Router/Switch) Platform [A How-To Guide]Beginning Reminder: This article is written for research and experimentation purposes only. Only ever access devices you have written, legal authorization to access.154. Microsoft Bars China-Based Engineers From Work on U.S. Defense Work Microsoft ends the involvement of China-based engineers in U.S. Department of Defense projects after scrutiny. 155. Medical Data Protection: Empowering a Privacy-driven Future With Web 3Let’s imagine a blockchain network, or maybe a depersonalized application (dApp), that ensures maximum patient awareness and participation.156. Courier's Path to Becoming SOC 2 Type 2 CompliantThis post is about what it means to be SOC 2 Type 2 compliant, why it is important that Courier now is, and what our journey looked like on our way here. 157. 
8 Basic Steps to Keep Your Remote Development Teams SecureThere is no doubt that the world's workforce is becoming more remote, particularly in tech as developers can now work from any location in the world. But there are a large number of new obstacles that come with this. The most pressing is security.158. A Mature Security Program at Any SizeA lot has been discussed about building security program, but somehow still so many things are commonly missed.159. How To Make an Internal Employee Survey on Endpoint SecurityEmployee’s Endpoint security Internal Survey-Template160. Manage Your Emails Like You Manage Your PasswordsAdd an extra security layer for the protection of your emails. 161. All about Security Information and Event ManagementSIEM stands for "Security Information and Event Management". It is a set of tools and services that offer a holistic view of any organisation's information security. It works by combining two technologies: Security information Management(SIM), which collects data from the log files and runs an analysis on the security vulnerabilities and reports them, and Security Event Management(SEM) which monitors any system on a areal-time basis and also keeps the network admins notified about the threats. SIEM is used to identify threats and anomalies in the network, cyber attacks from gigs of data.162. How to Reduce the Risk of Former Employees Coordinating with Insider ThreatsHere below are a couple of tips to keep in mind when thinking about how to minimize your risk from insider threats.163. Organizing Your Business Statistics to Achieve SuccessIt is not an easy task to keep your business data organized; however, it is an important thing to do. Organizing data includes a lot more than putting all your papers in place and clearing the clutter on your desk. To have your statistics well organized, you have to create a system and procedures for every department available in your company. 
The following are top ideas o0n how you can get your small business statistics that can help in increasing the productivity of the business.164. Centralization as a Factor Constraining the Development of Secure CommunicationsThe entire history of cryptography, information protection, steganography, and cryptography has been marked by the antagonism of attackers and defenders.165. Secure the Distance: How to Protect the Personal Data of Students Enrolled in Online EducationThe International Telecommunication Union provides security recommendations for schools.166. Empowered Data Security: Unraveling the Mystery to Protect What MattersExplore robust strategies, industry best practices, and emerging technologies to bolster your defenses and ensure your data's confidentiality, and integrity.167. From Conflict to CollaborationChallenges with internal security can be mitigated y finding the equilibrium between business and InfoSec risks and embracing agility in business. 168. The Most Neglected Roles in Cybersecurity are Your Best Bet for EmploymentExplore the often-overlooked but critical defensive roles in cybersecurity, their impact on AI usage, and the best career paths in the evolving digital security169. Being 'Chief Geek' and Running 15 Websites with Noonies Nominee Mathias HellquistSo who TF is Mathias Hellquist and what is a "Chief Geek"? Read this interview to find out.170. Blockchain's Practical Security and Emerging ConcernsThis article explores the multifaceted world of blockchain security, addressing various aspects of concern and providing insights into blockchain concerns.171. IT Security: How to Deal With The Insider ThreatA study by the Wall Street Journal found that almost 70% of companies admitted concern about violent employees! While workers continue to be a major security ri172. Why You Have No Choice But Care About Privacy?What is Privacy in the first place?173. 
Ensuring Security in Your SaaS Applications [An Overview]Enterprises are constantly faced with the task of balancing the advantages of productivity gains and lower costs against significant compliance and security concerns as they move their data and applications to the cloud.174. Understanding IIC: Identity, Integrity, and ConfidentialityHello again! Did I trick you with the title? I know, Let me get straight to the point. You already know about Encoding, Encryption, and Hashing but when I kept those in terms of Identity, Integrity, and Confidentiality it became a bit confusing. Isn’t it? I just wanted to talk about these techniques in terms of privacy and security. There is a high chance that you already know the things I’m about to explain. But, feel free to give it a read. I’m confident that you would know something useful by the end of this blog. Okay, let’s get into the topic. 175. "The Pandemic Enabled me to Take a Deep Self-reflection" - Joseph Chukwube, 2020 Noonie NomineeJoseph Chukwube from Nigeria has been nominated for a 2020Noonie in the Future Heroes and Technology categories. The Noonies are Hacker Noon’s way of getting to know — from a community perspective —  what matters in tech today. So, we asked our Noonie Nominees to tell us. Here’s what Joseph had to share.176. 3 Ways To Protect Company Data From Being Exposed By Your Own EmployeesWhen people think about data leaks, they tend to assume the cause of the threat came from outside the company.177. How to Use the Merchant Network to Combat E-Commerce FraudE-commerce fraud has been a problem websites have been facing for more than a decade. See how Merchant Network can help to fight fraud globally.178. Need for an Identity Theft ProtectionIdentity theft is a blanket term that covers fraudulent and even suspicious action through bank accounts and criminal databases. 
It is a violation of getting the financial or personal data of a person with the sole objective of feigning that person's name or identity to make purchases or transactions. Thank you for checking out the 178 most read blog posts about Information Security on HackerNoon.Visit the /Learn Repo to find the most read blog posts about any technology.