Blog

The Latest from Fortify


Threat Feeds
CVE Feed
Loading...

CERT Vulnerability Feed
Loading...

CERT Insider Threat

Cyber Hygiene: 11 Essential Practices

Tightening an organization's cybersecurity can be very complex, and just purchasing a piece of new hardware or software isn't enough ...
Read More

The 3 Pillars of Enterprise Cyber Risk Management

Equifax. Target. The Office of Management and Budget. Each new cyber hack victim has a story that makes the need ...
Read More

Summary (Part 7 of 7: Mitigating Risks of Unsupported Operating Systems)

In this blog series, I explained the five actions your organization can take now to ensure its cybersecurity and address ...
Read More

Blog Expands to Cover More

You've known this blog as the Insider Threat blog, and this will continue to be your go-to source as we ...
Read More

Create a Policy to Manage Unsupported Software (Part 6 of 7: Mitigating Risks of Unsupported Operating Systems)

Although you can accept the risk of running unsupported software, you should treat it as a temporary strategy. In this ...
Read More

Establish and Maintain Whitelists (Part 5 of 7: Mitigating Risks of Unsupported Operating Systems)

Software whitelists, part of an organization's software policies, control which applications are permitted to be installed or executed on an ...
Read More

Upgrade, Retire, or Replace Unsupported Software (Part 4 of 7: Mitigating Risks of Unsupported Operating Systems)

In line with its risk management program, an organization might decide to host unsupported applications on its supported or unsupported ...
Read More

Manage Your Software Inventory (Part 3 of 7: Mitigating Risks of Unsupported Operating Systems)

Having a managed software asset inventory helps an organization ensure that its software is identified, authorized, managed, or retired before ...
Read More
Loading...

ISC Bulletins

Proactive Malicious Domain Search, (Thu, Nov 23rd)

In a previous diary[1], I presented a dashboard that I’m using to keep track of the DNS traffic on my ...
Read More

Internet Wide Ethereum JSON-RPC Scans, (Tue, Nov 21st)

Ethereum is certainly getting a lot of press this year, and with this, we also see the bad guys spending ...
Read More

One month later, Magniber ransomware is still out there, (Mon, Nov 20th)

Introduction Last month in October 2017, several sources reported a new ransomware family distributed by Magnitude exploit kit (EK) [1, ...
Read More

Resume-themed malspam pushing Smoke Loader, (Sun, Nov 19th)

Introduction Malicious spam (malspam) with malware disguised as a resume.  This is a long-running theme frequently used by criminals to ...
Read More

BTC Pickpockets, (Sat, Nov 18th)

I observed requests to my webserver to retrieve Bitcoin wallet files: The files they are looking for are: wallet - ...
Read More

Top-100 Malicious IP STIX Feed, (Fri, Nov 17th)

Yesterday, we were contacted by one of our readers who asked if we provide a STIX feed of our blocked ...
Read More

Suspicious Domains Tracking Dashboard, (Thu, Nov 16th)

Domain names remain a gold mine to investigate security incidents or to prevent some malicious activity to occur on your ...
Read More

If you want something done right, do it yourself!, (Wed, Nov 15th)

Another day, another malicious document! I like to discover how the bad guys are creative to write new pieces of ...
Read More
Loading...