Blog

The Latest from Fortify


Threat Feeds
CVE Feed
Loading...

CERT Vulnerability Feed
Loading...

CERT Insider Threat

A New Scientifically Supported Best Practice That Can Enhance Every Insider Threat Program!

(Or..."How This One Weird Thing Can Take Your Program to the Next Level!") The CERT National Insider Threat Center (NITC) ...
Read More

Are You Providing Cybersecurity Awareness, Training, or Education?

When I attend trainings, conferences, or briefings, I usually end up listening to someone reading slides about a problem. Rarely ...
Read More

Insider Threats in Entertainment (Part 8 of 9: Insider Threats Across Industry Sectors)

This post was co-authored by Carrie Gardner. The Entertainment Industry is the next spotlight blog in the Industry Sector series ...
Read More

Insider Threats in Healthcare (Part 7 of 9: Insider Threats Across Industry Sectors)

This post was co-authored by Carrie Gardner. Next in the Insider Threats Across Industry Sectors series is Healthcare. As Healthcare-related ...
Read More

Top 5 Incident Management Issues

The CERT Division of the SEI has a history of helping organizations develop, improve, and assess their incident management functions ...
Read More

Insider Threats in Information Technology (Part 6 of 9: Insider Threats Across Industry Sectors)

This blog post was co-authored by Carrie Gardner. As Carrie Gardner wrote in the second blog post in this series, ...
Read More

Insider Threats in State and Local Government (Part 5 of 9: Insider Threats Across Industry Sectors)

This post was co-authored by Drew Walsh. Continuing our industry sector series, this blog post highlights insider threat trends in ...
Read More

Insider Threats in Finance and Insurance (Part 4 of 9: Insider Threats Across Industry Sectors)

This post was co-authored by Jonathan Trotman. In the previous post of our series analyzing and summarizing insider incidents across ...
Read More
Loading...

ISC Bulletins

Analyzing UDF Files with Python, (Fri, Apr 19th)

Yesterday, Xavier wrote a diary entry about malicious UDF files. I wrote about the analysis of .ISO files before, and ...
Read More

Malware Sample Delivered Through UDF Image, (Wed, Apr 17th)

I found an interesting phishing email which was delivered with a malicious attachment: an UDF image (.img). UDF means “Universal Disk ...
Read More

A few Ghidra tips for IDA users, part 2 – strings and parameters, (Wed, Apr 17th)

Continuing with my preliminary exploration of Ghidra. If we continue with the call to RegOpenKeyExA from last time (yes, I ...
Read More

Odd DNS Requests that are Normal, (Tue, Apr 16th)

If you ever heard me talk about DNS, you will know that I am a big fan of monitoring DNS ...
Read More

Configuring MTA-STS and TLS Reporting For Your Domain, (Sat, Apr 13th)

Currently, the majority of HTTP traffic uses TLS (HTTPS) [1]. This is in part due to free and easy to ...
Read More

When Windows 10 Comes to Live: The First Few Minutes in the Live of a Windows 10 System, (Fri, Apr 12th)

We often get emails from readers stating that they feel their system is compromised, even though they "do nothing". Most ...
Read More

How to Find Hidden Cameras in your AirBNB, (Thu, Apr 11th)

Recently, there have been a number of stories about hidden cameras found in Airbnb rentals [1][2]. Of course, these cameras ...
Read More

Blue + Red: An Infosec Purple Pyramid, (Wed, Apr 10th)

Introduction Pyramids provide a good image of tiered activity.  In 2015, I wrote a diary about a Security Operations Center ...
Read More
Loading...