Blog

The Latest from Fortify


Threat Feeds
CVE Feed
Loading...

CERT Vulnerability Feed
Loading...

CERT Insider Threat

Insider Threats in State and Local Government (Part 5 of 9: Insider Threats Across Industry Sectors)

This post was co-authored by Drew Walsh. Continuing our industry sector series, this blog post highlights insider threat trends in ...
Read More

Insider Threats in Finance and Insurance (Part 4 of 9: Insider Threats Across Industry Sectors)

This post was co-authored by Jonathan Trotman. In the previous post of our series analyzing and summarizing insider incidents across ...
Read More

Scoping IT & OT Together When Assessing an Organization’s Resilience

The SEI engages with many organizations of various sizes and industries about their resilience. Those responsible for their organization's cybersecurity ...
Read More

Performing Text Analytics for Insider Threat Programs: Part 3 of 3

This blog series reviews topics in performing text analytics to support insider threat mitigation. This post presents a procedural framework ...
Read More

Insider Threats in the Federal Government (Part 3 of 9: Insider Threats Across Industry Sectors)

The CERT National Insider Threat Center (NITC) Insider Threat Incident Corpus contains over 2,000 incidents, which, as Director Randy Trzeciak ...
Read More

Classifying Industry Sectors: Our New Approach to an Industry Sector Taxonomy (Part 2 of 9: Insider Threats Across Industry Sectors)

As Randy Trzeciak mentioned in the first blog in this series, we are often asked about the commonalities of insider ...
Read More

Is Compliance Compromising Your Information Security Culture?

Individual organizations spend millions per year complying with information security mandates, which tend to be either too general or too ...
Read More

Insider Threat Incident Analysis by Sector (Part 1 of 9)

Hello, I am Randy Trzeciak, Director of the CERT National Insider Threat Center (NITC). I would like to welcome you ...
Read More
Loading...

ISC Bulletins

Sextortion Bitcoin on the Move, (Fri, Jan 18th)

We've gotten a few reports of the latest round of sextortion emails demanding bitcoin in exchange for deleting incriminating videos ...
Read More

Emotet infections and follow-up malware, (Wed, Jan 16th)

Introduction Three major campaigns using malicious spam (malspam) to distribute malware stopped sending malspam before Christmas--sometime during the week ending ...
Read More

Microsoft Publishes Patches for Skype for Business and Team Foundation Server, (Tue, Jan 15th)

Today, Microsoft published an advisory on CVE-2019-0624 on a spoofing vulnerability in Skype for Business 2015. It requires a few steps of ...
Read More

Oracle Has Published 284 Security Updates in their January Patch Advisory, More here: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html, (Tue, Jan 15th)

-- John Bambenek bambenek at gmail /dot/ com ThreatSTOP (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United ...
Read More

Microsoft LAPS – Blue Team / Red Team, (Mon, Jan 14th)

The story is all too familiar, the chain of events almost the same every time: A malicious email makes its ...
Read More

Still Running Windows 7? Time to think about that upgrade project!, (Mon, Jan 14th)

For folks still running Windows 7, Microsoft has it scheduled for End of Life in exactly 1 year - https://support.microsoft.com/en-ca/help/13853/windows-lifecycle-fact-sheet ...
Read More

Snorpy a Web Base Tool to Build Snort/Suricata Rules, (Sat, Jan 12th)

Snorpy is a web base application to easily build Snort/Suricata rules in a graphical way. It is simple to use ...
Read More

Quick Maldoc Analysis, (Fri, Jan 11th)

Reader Kevin asked for help with the analysis of maldoc 7eac18cab2205d94e5e5e0c43daf64cbab2e0b43cf841213c25ca34e8124739f. Here is the analysis in one-line, as I like ...
Read More
Loading...