Blog

Blog

ICS Environments and Patch Management: What to Do If You Can’t Patch

The evolution of the cyber threat landscape highlights the need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Known unpatched vulnerabilities are often exploited by criminals to penetrate Industrial Control Systems (ICS) environments and disrupt critical...
Blog

Fighting AI Cybercrime with AI Security

On August 10th, the Pentagon introduced "Task Force Lima," a dedicated team working to bring Artificial Intelligence (AI) into the core of the U.S. defense system. The goal is to use AI to improve business operations, healthcare, military readiness, policy-making, and warfare. Earlier in August, the White House announced a large cash prize for...
Blog

ZeroFont trick makes users think that message has been scanned for threats

It's nothing new for cybercriminals to use sneaky HTML tricks in their attempt to infect computers or dupe unsuspecting recipients into clicking on phishing links. Spammers have been using a wide variety of tricks for years in an attempt to get their marketing messages past anti-spam filters and in front of human eyeballs. It's enough to make you...
Blog

The Cost of Cybercrime in the US: Facts and Figures

The importance of cybersecurity is no secret in our increasingly digital world. Even individuals who have no experience or expertise in tech or related fields are aware of the threat of hacking, phishing, and the like. It can be difficult, however, to actually quantify the risks of being targeted by these attacks. Keeping track of the trends in...
Blog

Closing Integrity Gaps with NIST CSF

The then-new 2014 NIST Cybersecurity Framework (CSF) was designed to plug security gaps in operational technology. It’s still in use today and more relevant than ever. Fortra’s whitepaper provides a cohesive review of this security staple and how to glean the best out of it for your strategy. A Brief History of NIST CSF “The full maximum NIST...
Blog

Defending against DDoS Attacks: What you need to know

Patience is one of those time-dependent, and often situational circumstances we experience. Few things define relativity better than patience. Think of the impatience of people who have to wait ten minutes in a line at a gas station, yet the thought of waiting ten minutes for a perfectly brewed cup of coffee seems entirely reasonable. It can’t be...
Blog

8 of the Best Cybersecurity Conferences

In the rapidly evolving realm of digital security, staying ahead of cyber threats requires continuous learning and collaboration. Cybersecurity conferences stand as beacons of knowledge, drawing experts and enthusiasts from across the globe. We’ve curated a list of the top eight cybersecurity conferences, each a melting pot of insights, innovations...
Blog

Snatch ransomware - what you need to know

What's happened? The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning organisations about a ransomware-as-a-service operation called "Snatch." Snatch? As in the movie from twenty odd years ago? I'm not sure I've heard of Snatch before... Maybe you haven't. They don't have as high a profile as...
Blog

FBI's Most Wanted Cybercriminals in 2023

In an increasingly digitized world, the threat of cybercrime looms larger than ever. The FBI's relentless pursuit of cybercriminals remains a critical defense against this growing menace. We’re well into 2023, and the FBI's Most Wanted Cybercriminals list takes center stage, highlighting the individuals who pose significant threats to our digital...
Blog

Increasing Your Business’ Cyber Maturity with Fortra

When building a tower, it helps to start with a sturdy foundation. Cyber maturity is the tower, and there are three levels that build it: Foundational IT/OT & Security Control Processes Fundamental Security Control Capabilities Advanced Security Control Capabilities Fortra occupies a unique space in the industry because of the sheer size of...
Blog

The Consequences of Non-Compliance in Cybersecurity: Risks and Penalties

Non-compliance in cybersecurity marks a grave oversight. It involves neglecting established security protocols, leaving organizations vulnerable to malicious actors. Read on as we examine the potential risks of non-compliance, including heightened susceptibility to cyberattacks, the specter of data breaches, and the erosion of a company's hard...
Blog

How to Protect Your Facebook Account from Cybercriminals

The social media landscape has undergone dramatic change in recent years. Elon Musk bought Twitter and changed its name to "X." Mark Zuckerberg bought Instagram and WhatsApp before launching Threads to capitalize on Twitter's recent PR disasters. TikTok came out of nowhere to become the platform of choice for Gen Z. One thing, however, has stayed...
Blog

How to Build an Effective ICS Security Program

How to Build an Effective ICS Security Program Of all the different areas of cybersecurity, not many are as important, or have as far-reaching consequences as industrial control systems (ICS) security. While most relevant organizations would agree that ICS security is a significant concern for their operations, it is easier said than done. Many...
Blog

BLASTPASS: Government agencies told to secure iPhones against spyware attacks

What's happened? CISA, the United States's Cybersecurity and Infrastructure Security Agency, has ordered federal agencies to patch their iPhones against vulnerabilities that can be used as part of a zero-click attack to install spyware from the notorious NSO Group. A "zero-click attack"? That's an attack that doesn't require any interaction from...
Blog

Guarding Against Fileless Malware: Types and Prevention

Fileless malware, true to its name, is malicious code that uses existing legitimate programs in a system for compromise. It operates directly in the Random Access Memory (RAM) without requiring any executable files in the hard drive. Differing from conventional malware, fileless attacks are stealthier in nature, falling under the category of low...
Blog

5 Reasons Why You Should Conduct Regular Cybersecurity Audits

Cyber threats are growing more sophisticated, covert, and frequent every day. This year alone has seen the likes of T-Mobile and PharMerica suffering serious security breaches. These incidents disrupted operations and threatened their bottom lines, not to mention the lingering aftereffects and negative brand perception in the eyes of their customers...
Blog

Life in the Clouds: Navigating Security Challenges in Cloud Environments

As the realm of technology continues to evolve, the significance of cloud computing has grown exponentially. This paradigm shift offers unparalleled scalability, efficiency, and cost-effectiveness benefits. However, with these advantages come a host of security challenges that need careful consideration. This article delves into the vital realm of...
Blog

OT Security: Risks, Challenges and Securing your Environment

Before the revolution of Information Technology (IT), the world experienced the revolution of Operational Technology (OT). Operational Technology is the combination of hardware and software that controls and operates the physical mechanisms of industry. OT systems play an important role in the water, manufacturing, power, and distribution systems...
Blog

10 Mistakes in Cybersecurity and How to Avoid Them

It's easy to rest on our laurels. Prevent a few breaches – or go long enough without one – and you start to feel invincible. While our efforts are certainly laudable, we can't get too comfortable. As defenders, we always need to be on the hunt for what we've missed and ways to do better. Here are ten common cybersecurity mistakes that crop up (and...
Blog

Tripwire Patch Priority Index for August 2023

Tripwire's August 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Office, Excel, Visio, Teams, and Outlook. The patches resolve 10 issues including remote code execution, information disclosure, security feature bypass, and spoofing...