Blog

The Latest from Fortify


Threat Feeds
CVE Feed

CERT Vulnerability Feed

CERT Insider Threat

Insider Threats in Finance and Insurance (Part 4 of 9: Insider Threats Across Industry Sectors)

This post was co-authored by Jonathan Trotman. In the previous post of our series analyzing and summarizing insider incidents across ...

Scoping IT & OT Together When Assessing an Organization’s Resilience

The SEI engages with many organizations of various sizes and industries about their resilience. Those responsible for their organization's cybersecurity ...

NIST NCCOE Releases Cybersecurity Practice Guide, SP 1800-5, IT Asset Management: Financial Services

NIST NCCOE Releases Cybersecurity Practice Guide, SP 1800-5, IT Asset Management: Financial Services ...

Database of Software “Fingerprints” Expands to Include Computer Games

One of the largest software libraries in the world just grew larger ...

Reasoning About IoT Trustworthiness

On September 13, 2018, NIST will host a workshop on methods and technologies for reasoning about IoT trustworthiness ...

NIST Releases Draft NIST Internal Report (NISTIR) 8222, Internet of Things (IoT) Trust Concerns

NIST has released Draft NIST Internal Report (NISTIR) 8222, Internet of Things (IoT) Trust ...

ISC Bulletins

Bombstortion?? Boomstortion??, (Fri, Dec 14th)

First sextortion, now bombstortion? Today we have received a couple of reports of a new email based extortion message being ...

Phishing Attack Through Non-Delivery Notification, (Thu, Dec 13th)

Here is a nice example of a phishing attack that I found while reviewing data captured by my honeypots. We all know ...

Yet Another DOSfuscation Sample, (Wed, Dec 12th)

Reader Vince asked for help with the analysis of a malicious Word document. He started the analysis himself, following the ...

Microsoft December 2018 Patch Tuesday, (Tue, Dec 11th)

December 2018 Security Updates Description CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG) ...

Announcing the Security Awareness Survey, find it at https://survey.sans.org/jfe/form/SV_4UZfNorPzzXlfr7, (Tue, Dec 11th)

Richard Porter --- ISC Handler on Duty (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License ...

Arrest of Huawei CFO Inspires Advance Fee Scam, (Sun, Dec 9th)

Last week, the arrest of MENG Wanzou made big waves in the news. Ms. Meng was arrested in Canada based ...

Quickie: String Analysis is Still Useful, (Sun, Dec 9th)

String analysis: extracting and analyzing strings from binary files (like executables) to assist with reverse engineering. It's a simple method, ...

Reader Submission: MHT File Inside a ZIP File, (Sat, Dec 8th)

Reader Jason submitted a ZIP file received via email. It contains an MHT file, and when Jason received it, it ...

NIST IT News & Events