Resources

Blog

VERT Threat Alert: September 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s September 2023 Security Updates, which includes a recently introduced release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1073 on Wednesday, September 13th. In-The-Wild & Disclosed CVEs CVE-2023-36761 Microsoft has indicated that a vulnerability...
Blog

Tripwire Patch Priority Index for August 2023

Tripwire's August 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Office, Excel, Visio, Teams, and Outlook. The patches resolve 10 issues including remote code execution, information disclosure, security feature bypass, and spoofing...
Blog

Working with a Reliable Partner for Cybersecurity Success

Technology companies are often seen as revolving doors of constantly shifting personnel. Whether they are seeking a better work environment or chasing a higher paycheck, these staff changes can hurt an organization’s progress. Worse yet, the customers are often negatively impacted by these changes in the continuity of established relationships. At...
Blog

Understanding Firewalls – Types, Configuration, and Best Practices for Effective Network Security

A firewall is a security device that controls the flow of traffic across a network. A firewall may be a hardware appliance, or it may be a piece of software that runs on a third-party operating system. Firewalls operate based on a set of pre-defined, as well as customizable security rules that inspect network traffic to block or permit access to a...
Blog

Why No Business in 2023 Can Grow without APIs

The Importance of APIs Businesses of all sizes are increasingly relying on APIs to connect with their customers, partners, and other systems. APIs, or application programming interfaces, are the building blocks of the modern web, and they allow businesses to share data and functionality in a secure and efficient way. Without APIs, businesses are...
Blog

The CIA Debate: Which is the Most Important?

The Confidentiality, Integrity and Availability (CIA) Triad is a crucial information security model that guides and assesses how an organization manages data during storage, transmission, and processing. Each component of the triad plays a vital role in maintaining information security: Confidentiality means that data should not be accessed...
Blog

CISA Cybersecurity Strategic Plan: What you need to know

The United States stands at a pivotal juncture for true digital and cyber security, with unlimited potential. The 2023 U.S. National Cybersecurity Strategy presents a fresh perspective on safeguarding digital territory—a perspective rooted in collaboration, innovation, and accountability. This moment poses a critical consideration of whether to...
Blog

2023 Business Email Compromise Statistics

In cybersecurity, knowledge is everything. From APT intelligence to zero-day vulnerabilities, relevant and timely information can be the difference between a thwarted attack and a total disaster. With Business Email Compromise (BEC) attacks at their zenith, there has never been a better time for a comprehensive BEC report. As such, Fortra has...
Blog

The Five Stages of Vulnerability Management

A strong vulnerability management program underpins a successful security strategy overall. After all, you can’t defend weak points you don’t know are there. It is predicted that 2023 will see an average of 1,900 critical Common Vulnerabilities and Exposures (CVEs) a month, up 13% from last year. This is due to increased interconnectedness, the...
Blog

VERT Threat Alert: August 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s August 2023 Security Updates, which includes a recently introduced release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1068 on Wednesday, August 9th. In-The-Wild & Disclosed CVEs CVE-2023-38180 A vulnerability in Kestrel could allow for a denial of...
Blog

Protecting Sensitive Data from Insider Threats in PCI DSS 4.0

Safeguarding sensitive data is a huge concern for organizations. One of the biggest challenges they face is the threat posed by insiders who work for the organization. In fact, a report found that 74% of organizations are at least moderately vulnerable to threats from insiders. This has increased spending towards protecting against insider threats...
Blog

Is Your MSP Taking Its Own Security Seriously?

Most small and midsized businesses trust an IT services partner to help them secure their networks. A few years ago, high-profile cyberattacks targeting MSP vendors Kaseya and SolarWinds thrust the security risk of relying on a complex chain of vendors into the technology media and moved the Department of Homeland Security to issue a statement...
Blog

An Introduction to Cyber Threat Intelligence: Key Concepts and Principles

Cyber Threat Intelligence (CTI), or threat intelligence, is evidence-based knowledge established from current cyber threats, gathered from myriad sources to identify existing or potential attacks. Threat intelligence assists in identifying the motives, targets, and attack behaviors of a threat actor and implementing strong defenses from future...
Blog

Understanding Machine Learning Attacks, Techniques, and Defenses

Machine learning (ML) is a subset of Artificial Intelligence (AI), which enables machines and software to automatically learn from historical data to generate accurate output without being programmed to do so. Many leading organizations today have incorporated machine learning into their daily processes for business intelligence. But the ability of...
Blog

Enhanced Data Analysis with Synthetic Datasets

Large data can offer a massive affordable advantage for companies. Scientists, information analysts, marketing professionals, and advertisers rely upon receiving valuable insights from substantial pools of consumer information. When examined correctly, this information can provide valuable insight for organizations that understand how to use it. ...
Blog

CISO to BISO – What's your next role?

Introduction For the longest time within the cybersecurity industry, we have had Chief Information Security Officers (CISOs) whose role is to set the strategic direction for Information Security within an organisation. But what are the stepping stones to becoming a CISO? In the past, this has been a difficult question to answer, but typically the...
Blog

DSPM and CSPM: What are the Differences?

A few years back, data was constrained to the on-premise infrastructure. Data management, governance, and protection were fairly uncomplicated in this enclosed environment. The emergence of cloud computing and multi-cloud infrastructures has not only introduced more complexity in data management and governance, but it has also increased security...
Blog

Three Reasons Why Business Security Starts with Employee Education

Human error is a major contributing factor to company data breaches. More than 340 million people may already have been affected by a data breach in the first four months of 2023. With cybercrime rates soaring around the world, it’s clearly an area where investment and expertise are required. While updating laptops with the latest antimalware...
Blog

Reviewing Remote Work Security: Best Practices

Remote work has shifted the mindset away from the old style of employment, showing up to the office every day. However, it seems that more businesses are starting to grab back some of the traditional practice of showing up to the office. The timing is probably helping, as the northern hemisphere is starting to warm up, making the commute to an...
Blog

What We Learned from the 2023 Pen Testing Report

Fortra’s Core Security recently released its 2023 Pen Testing Report, and there’s plenty to see. In this year’s report, IT decision-makers can learn what their peers are saying about why they pen test, how often they pen test, and whether or not they’re pen testing in-house, among other topics. Each year, Core Security collects and produces some...