Blog

The Latest from Fortify


Threat Feeds
CVE Feed
Loading...

CERT Vulnerability Feed
Loading...

CERT Insider Threat

Are You Providing Cybersecurity Awareness, Training, or Education?

When I attend trainings, conferences, or briefings, I usually end up listening to someone reading slides about a problem. Rarely ...
Read More

Insider Threats in Entertainment (Part 8 of 9: Insider Threats Across Industry Sectors)

This post was co-authored by Carrie Gardner. The Entertainment Industry is the next spotlight blog in the Industry Sector series ...
Read More

Insider Threats in Healthcare (Part 7 of 9: Insider Threats Across Industry Sectors)

This post was co-authored by Carrie Gardner. Next in the Insider Threats Across Industry Sectors series is Healthcare. As Healthcare-related ...
Read More

Top 5 Incident Management Issues

The CERT Division of the SEI has a history of helping organizations develop, improve, and assess their incident management functions ...
Read More

Insider Threats in Information Technology (Part 6 of 9: Insider Threats Across Industry Sectors)

This blog post was co-authored by Carrie Gardner. As Carrie Gardner wrote in the second blog post in this series, ...
Read More

Insider Threats in State and Local Government (Part 5 of 9: Insider Threats Across Industry Sectors)

This post was co-authored by Drew Walsh. Continuing our industry sector series, this blog post highlights insider threat trends in ...
Read More

Insider Threats in Finance and Insurance (Part 4 of 9: Insider Threats Across Industry Sectors)

This post was co-authored by Jonathan Trotman. In the previous post of our series analyzing and summarizing insider incidents across ...
Read More

Scoping IT & OT Together When Assessing an Organization’s Resilience

The SEI engages with many organizations of various sizes and industries about their resilience. Those responsible for their organization's cybersecurity ...
Read More
Loading...

ISC Bulletins

Using AD to find hosts that aren't in AD – fun with the [IPAddress] construct!, (Wed, Mar 20th)

In many internal assessments or "recon mission" style engagements, you'll need to figure out what all the internal subnets are ...
Read More

Wireshark 3.0.0 and Npcap: Some Remarks, (Mon, Mar 18th)

I received a couple of questions regarding Wireshark and Npcap. First of all, it's not a requirement to install Npcap ...
Read More

Video: Maldoc Analysis: Excel 4.0 Macro, (Sun, Mar 17th)

In this video, I provide more context to diary entry "Maldoc: Excel 4.0 Macros" by showing how to distinguish VBA ...
Read More

Maldoc: Excel 4.0 Macros, (Sat, Mar 16th)

I've received several samples of malicious spreadsheets with Excel 4.0 macros over the last weeks, like this one: 7df15be35bd8fd1a98adc24e6be7bfcd. Excel ...
Read More

Binary Analysis with Jupyter and Radare2, (Fri, Mar 15th)

Jupyter has become very popular within the data science community, as it is an easy way of working interactively with ...
Read More

Tip: Ghidra & ZIP Files, (Thu, Mar 14th)

I don't know where I got the idea, but I erroneously assumed that Ghidra could help with the analysis of ...
Read More

Malspam pushes Emotet with Qakbot as the follow-up malware, (Wed, Mar 13th)

Introduction I've posted several diaries about malicious spam (malspam) pushing Emotet malware.  In recent years, I've made sure to include ...
Read More

Microsoft March 2019 Patch Tuesday, (Tue, Mar 12th)

This month we got patches for 64 vulnerabilities. Two of them have been exploited and four have been made public ...
Read More
Loading...