Blog

The Latest from Fortify

Threat Feeds

CVE Feed

CERT Vulnerability Feed

CERT Insider Threat

Separation of Duties and Least Privilege (Part 15 of 20: CERT Best Practices to Mitigate Insider Threats Series)

The 15th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice ...
Read More

Establishing Baseline Behaviors (Part 14 of 20: CERT Best Practices to Mitigate Insider Threats Series)

The 14th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice ...
Read More

Mobile Devices and Other Remote Access (Part 13 of 20: CERT Best Practices to Mitigate Insider Threats Series)

The 13th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice ...
Read More

Data Management and Event Correlation (Part 12 of 20: CERT Best Practices to Mitigate Insider Threats Series)

The twelfth practice described in the newly released Common Sense Guide to Mitigating Insider Threats is Practice 12: Deploy solutions ...
Read More

Privileged Account Management (Part 11 of 20: CERT Best Practices to Mitigate Insider Threats Series)

The eleventh practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice ...
Read More

Defending Against Phishing

When IT and security professionals discuss phishing, the need for improved user education is often the main focus. While user ...
Read More

2016 U.S. State of Cybercrime Highlights

Each year, the CERT Division of the SEI collaborates with CSO Magazine to develop a State of Cybercrime report. These ...
Read More

Moving Beyond Resilience to Prosilience

Our researchers have spent over a decade at the CERT Division exploring, developing, and analyzing operational resilience as a way ...
Read More

ISC Bulletins

TinyPot, My Small Honeypot, (Thu, Jul 27th)

Running honeypots is always interesting to get an overview of whats happening on the Internet in terms of scanners or ...
Read More

Malspam pushing Emotet malware, (Wed, Jul 26th)

Introduction On Tuesday 2017-07-25, we were contacted by a reader through our contact page. He sent us a Microsoft Word ...
Read More

Trends Over Time, (Mon, Jul 24th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License ...
Read More

Uber drivers new threat: the "passenger", (Mon, Jul 24th)

This week I was told about a scam attack that surprised me due to the criminals creativity. A NYC Uber ...
Read More

Another .lnk File, (Sun, Jul 23rd)

In diary entry Office maldoc + .lnk we analyzed a Windows shortcut file (.lnk) and looked for metadata, but it ...
Read More

Black Hat is coming and with it a good reason to update your "Broadcom-based" devices, (Fri, Jul 21st)

Black Hat US 2017 is debuting and with it a potential concern to most of us. It turns out that ...
Read More

Malicious .iso Attachments, (Fri, Jul 21st)

We width:1067px" /> Didier Stevens Microsoft MVP Consumer Security blog.DidierStevens.com DidierStevensLabs.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial ...
Read More

Bots Searching for Keys & Config Files, (Wed, Jul 19th)

If youdont know our 404project[1], I would definitively recommend having a look at it! The idea is to track HTTP ...
Read More