Resources

Blog

Understanding Cybersecurity Footprinting: Techniques and Strategies

Footprinting, also known as fingerprinting, is a methodology used by penetration testers, cybersecurity professionals, and even threat actors to gather information about a target organization to identify potential vulnerabilities. Footprinting is the first step in penetration testing. It involves scanning open ports, mapping network topologies, and...
Blog

Fortifying IoT Devices: Unraveling the Art of Securing Embedded Systems

Interconnected, data-enabled devices are more common now than ever before. By 2027, it is predicted that there will be more than 41 billion new IoT devices. The emergence of each new device offers a fresh vulnerability point for opportunistic bad actors. In 2022, there were over 112 million cyberattacks carried out on IoT devices worldwide....
Blog

VERT Threat Alert: October 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s October 2023 Security Updates, which includes a recently introduced release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1077 on Wednesday, October 11th. In-The-Wild & Disclosed CVEs CVE-2023-41763 While this vulnerability is labeled as a Skype for...
Blog

Cybersecurity Trends to Watch in the US in the Next 5 Years

As cyber threats grow more frequent and sophisticated, the need for vigilant defense is paramount, and cybersecurity is top of mind for organizations nationwide. Understanding the threat landscape and current and future trends is crucial to designing effective security strategies to mitigate risk and keep companies, their employees, and their data...
Blog

Compliance vs. Security: Striking the Right Balance in Cybersecurity

Compliance and security often go hand in hand as ideas that attempt to protect against cyber threats. While both compliance and security are designed to lower risk, they are not mutually inclusive—that is, not everything that is required for compliance will necessarily help with security, and not everything that bolsters security will necessarily...
Blog

Revealed! The top 10 cybersecurity misconfigurations, as determined by CISA and the NSA

A joint cybersecurity advisory from the United States's National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) has shone a light on the top ten most common cybersecurity misconfigurations found in large private and public organisations. The report aims to detail the weaknesses found in many large organisations,...
Blog

Tripwire Patch Priority Index for September 2023

Tripwire's September 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority are patches for Microsoft Edge (Chromium-based) that resolve 5 vulnerabilities such as out of bounds memory access, type confusion, and use after free. Next on the patch priority list this month are patches for...
Blog

How MSSPs Help with Cybersecurity Compliance

While always a part of business, compliance demands have skyrocketed as the digital world gives us so many more ways to go awry. We all remember the Enron scandal that precipitated the Sarbanes-Oxley Act (SOX). Now, SOX compliance means being above board on a number of cybersecurity requirements as well. Fortra's Tripwire recently released a new...
Blog

What is NERC? Everything you need to know

What is NERC?NERC stands for North American Electric Reliability Corporation. It is the organization behind ensuring the security and reliability of electric grids, and the NERC Critical Infrastructure Protection (CIP) reliability standard is the tool that provides responsible entities with the processes to achieve a crucial mandate: secure the...
Blog

Key Takeaways from the 2023 Domain Impersonation Report

One of the most pervasive and unavoidable threats on the internet, domain impersonation can be used by bad actors as the basis for a wide range of attacks. The various ways in which cybercriminals make use of lookalike domains often fluctuate, and the first half of 2023 has exemplified this fact. Staying on top of security and not falling victim to...
Blog

ICS Environments and Patch Management: What to Do If You Can’t Patch

The evolution of the cyber threat landscape highlights the need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Known unpatched vulnerabilities are often exploited by criminals to penetrate Industrial Control Systems (ICS) environments and disrupt critical...
Blog

Fighting AI Cybercrime with AI Security

On August 10th, the Pentagon introduced "Task Force Lima," a dedicated team working to bring Artificial Intelligence (AI) into the core of the U.S. defense system. The goal is to use AI to improve business operations, healthcare, military readiness, policy-making, and warfare. Earlier in August, the White House announced a large cash prize for...
Blog

ZeroFont trick makes users think that message has been scanned for threats

It's nothing new for cybercriminals to use sneaky HTML tricks in their attempt to infect computers or dupe unsuspecting recipients into clicking on phishing links. Spammers have been using a wide variety of tricks for years in an attempt to get their marketing messages past anti-spam filters and in front of human eyeballs. It's enough to make you...
Blog

What Does Secure by Design Actually Mean?

In this era shaped by digital innovation, the concept of Secure by Design is a critical safeguard against cyber threats. Read on to delve into the essence of Secure by Design and its profound relevance in today's technology landscape. As cyberattacks grow more sophisticated, comprehending the proactive principles behind secure design is paramount to...
On-Demand Webinar

Best Practices for the PCI DSS 4.0 Countdown

The deadline for compliance with the Payment Card Industry Data Security Standard (PCI DSS) 4.0 requirements isn’t until March 31, 2024, but organizations that allow those remaining months to fly by without adequate preparation may face last-minute PCI panic. The best approach is to steadily reach key milestones so you’ll be fully prepared when the deadline arrives. Watch the on-demand webinar...
Blog

The Cost of Cybercrime in the US: Facts and Figures

The importance of cybersecurity is no secret in our increasingly digital world. Even individuals who have no experience or expertise in tech or related fields are aware of the threat of hacking, phishing, and the like. It can be difficult, however, to actually quantify the risks of being targeted by these attacks. Keeping track of the trends in...
Blog

Closing Integrity Gaps with NIST CSF

The then-new 2014 NIST Cybersecurity Framework (CSF) was designed to plug security gaps in operational technology. It’s still in use today and more relevant than ever. Fortra’s whitepaper provides a cohesive review of this security staple and how to glean the best out of it for your strategy. A Brief History of NIST CSF “The full maximum NIST...