Blog

The Latest from Fortify


Threat Feeds

CERT Insider Threat

Moving Personal Data at Work

Many organizations allow limited personal use of organizational equipment. To move personal data to or from the organization's devices and ...

Introducing Atlas: A Prototype for Visualizing the Internet

After 30 years, cyber command centers, educators, and Internet threat intelligence organizations have yet to embrace a standardized, encompassing, and ...

Cybersecurity Performance: 8 Indicators

Since 1988's Morris Worm, which infected 10% of the estimated 60,000 computers connected to the internet, cybersecurity has grown into ...

CryptoDNS–Should We Worry?

By Matt Mackie. When the Internet was still ARPANET, hostnames were converted to numerical addresses using a hosts.txt file stored ...

Why Is Measurement So Hard?

Developing security metrics within an organization is an ongoing challenge. Organizations want to know "Am I secure enough?" While this ...

CERT NITC Insider Threat Program Manager Certificate

Increasingly, organizations, including the federal government and industry, are recognizing the need to counter insider threats and are doing it ...

Head in the Clouds

The transition from on-premises information systems to cloud services represents a significant, and sometimes uncomfortable, new way of working for ...

7 Considerations for Cyber Risk Management

Each year brings new cybersecurity threats, breaches, and previously unknown vulnerabilities in established systems. Even with unprecedented vulnerabilities such as ...

ISC Bulletins

Java Deserialization Attack Against Windows, (Tue, Apr 3rd)

Recently we talked a lot about attacks exploiting Java deserialization vulnerabilities in systems like Apache SOLR and WebLogic. Most of ...

Phishing PDFs with multiple links – Detection, (Mon, Apr 2nd)

One advantage of static analysis over dynamic analysis is that it can reveal more information than dynamic analysis. In the ...

Phishing PDFs with multiple links – Animated GIF, (Sun, Apr 1st)

Here is an animated GIF showing the URLs in the PDF I analyzed yesterday: You can see a different URL ...

Phishing PDFs with multiple links, (Sat, Mar 31st)

A reader wanted to know why the phishing PDF he received contained multiple and different links, according to my pdf ...

Version 7 of the CIS Controls Released, (Fri, Mar 30th)

The CIS Controls serve as a “prioritized set of actions to protect your organization and data from known cyber attack ...

One hash to rule them all: drupalgeddon2, (Thu, Mar 29th)

I’m sure virtually all of our readers are aware of the patch that has been released for Drupal yesterday. In ...

How are Your Vulnerabilities?, (Wed, Mar 28th)

Scanning assets for known vulnerabilities is a mandatory process in many organisations. This topic comes in the third position of ...

Side-channel information leakage in mobile applications, (Tue, Mar 27th)

Smartphones today carry an unbelievable amount of sensitive information. As absolutely everything is going mobile these days, we have to ...