Resources

Blog

DragonForce Ransomware - What You Need To Know

What's going on? A relatively new strain of ransomware called DragonForce has making the headlines after a series of high-profile attacks. Like many other ransomware groups, DragonForce attempts to extort money from its victims in two ways - locking companies out of their computers and data through encryption, and exfiltrating data from compromised systems with the threat of releasing it to others...

Webinar: Security Leader Panel Discussion

Webinar: Security Leader Panel Discussion
Cybersecurity is a team sport. It’s heroes versus adversaries. All for one and one for all. Or else. With mounting cyber threats, tectonic changes in the digital landscape, and AI infiltrating all aspects of business, seasoned cybersecurity leaders turn to fellow practitioners to find solace and solutions. On May 8, Fortra CISO Chris Reffkin leads a panel of security experts from across the...
hannah.rea Thu, 04/11/2024 - 06:00
Cybersecurity
Blog

Life in Cybersecurity: From Nursing to Threat Analyst

As digital threats increase, we see more professionals transition into cybersecurity. Some come from previous technical roles, and some do not. However, because cybersecurity is primarily a problem-solving industry, those who switch from other high-pressure, high-performance positions are often best prepared for the job. Take Gina D’Addamio , for example, a former nurse turned threat analyst. I...
Blog

Embracing Two-Factor Authentication for Enhanced Account Protection

Let’s start the second quarter of the year with boosting our security posture by adopting two-factor authentication methods on our accounts to make them more secure. Two-factor authentication (2FA) is an identity and access management security method that requires two forms of identification to access resources and data. The first factor you provide is a password (often referred to as something...
Blog

VERT Threat Alert: April 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s April 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1101 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-26234 This CVE describes a Proxy Driver Spoofing Vulnerability that, thanks to Microsoft’s new CWE listings , we know is tied to Improper Access Control . From a...
On-Demand Webinar

Perfecting Security Hardening One Step at a Time

Sometimes the wisest thing we can do as cybersecurity practitioners is to zoom out and look at our systems holistically. Security hardening is the practice of closing potential points of entry over the scope of your entire system, from applications to servers and everything in between. Another way to put this is “shrinking the attack surface.” Watch this on-demand webinar presented by Fortra’s...
Blog

Cybersecurity Compliance Around the Globe: India's DPDP

In an era where data breaches and privacy concerns are increasingly shaping global discourse, India's proactive stance on data protection is noteworthy. Introducing the Digital Personal Data Protection (DPDP) Act 2023 marks a significant milestone in India's legislative landscape. This groundbreaking Act fortifies individual data privacy rights and aligns India with global cybersecurity and data...
Blog

Gone Phishing 2023: Here Are the Results!

Phishing is one of the most pertinent cybersecurity dangers for organizations to be concerned about in today’s digital landscape. Threat trends come and go, but phishing is a tried-and-true method that cybercriminals can adjust and adapt to all different manners of communication and evolving technology. Fortra’s Gone Phishing Tournament (GPT) is a yearly training event, available for free all...
Blog

AI/ML Digital Everest: Dodging System Failure Summit Fever

Summit Fever Syndrome, a cause of many extreme altitude climbers' deaths, is due to a lack of oxygen and mission blindness, which leads to impaired judgment where climbers take needless risks, disregard safety precautions, and make deadly errors. Deploying AI/ML models is like climbing Mount Everest. Both climbers and AI projects chase their peaks with (sometimes too much ) determination and...
Blog

Exploring Advanced Tripwire Enterprise Capabilities

In today's digital landscape, it is important for organizations to depend upon the tools they use for cybersecurity. Large businesses can employ many security solutions, practices, and policies that must combine to create a robust and layered security strategy. While many of these tools are important and necessary, organizations often don't use them to their full potential. With any security tool...
Blog

Google Patches Pixel Phone Zero-days After Exploitation by "Forensic Companies"

Google has issued a security advisory to owners of its Android Pixel smartphones, warning that it has discovered someone has been targeting some devices to bypass their built-in security . What makes the reported attacks particularly interesting is that traditional cybercriminals may not be behind them, but rather "forensic companies" exploiting two vulnerabilities to extract information and...
Blog

Security vs. Compliance: What's the Difference?

Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together. As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of reminded me that too often, the peanut butter and...
Blog

Tripwire Patch Priority Index for March 2024

Tripwire's March 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google, and Apple. First on the patch priority list are patches for Windows Kernel and Multiple Apple products. These CVEs (CVE-2024-21338, CVE-2024-23296, CVE-2024-23225) have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. Up next are patches for Microsoft Edge (Chromium...
Blog

Exploring Access Control Models: Building Secure Systems in Cybersecurity

In any organization, unrestricted access to systems and resources poses significant security risks. Recent cybersecurity events have shown that attackers will target any organization of any size. The most common attack vector is through unauthorized access to a legitimate account, often preceded by a phishing technique. To protect against unauthorized access, it's essential to establish rules and...
Blog

Oops, Malware! Now What? Dealing with Accidental Malware Execution

On an ordinary day, you're casually surfing the web and downloading some PDF files. The document icons seem pretty legitimate, so you click without a second thought. But, to your surprise, nothing happens. A closer look reveals that what you believed to be a harmless PDF was, in fact, an executable file. Panic sets in as your settings lock up, and even accessing the task manager becomes impossible...
Blog

What’s New in NIST’s Cybersecurity Framework 2.0?

The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) was published in 2014 for the purpose of providing cybersecurity guidance for organizations in critical infrastructure. In the intervening years, much has changed about the threat landscape, the kinds of technology that organizations use, and the ways that operational technology (OT) and information technology...
Blog

The Cyber Sleuth's Handbook: Digital Forensics and Incident Response (DFIR) Essentials

In the intricate landscape of cybersecurity, Digital Forensics and Incident Response (DFIR) stand as the sentinels guarding against the onslaught of digital threats. It involves a multifaceted approach to identifying, mitigating, and recovering from cybersecurity incidents . In the physical world, the aftermath of a crime scene always yields vital clues that can unravel the mystery behind a...
Blog

Bake-off: Ensuring Security in the Cyber Kitchen

I’ll start this one with an apology – I’ve been watching a lot of the TV show The Bear (which I’d highly recommend!) and thus been thinking a lot about kitchen processes and the challenges of making everything come together nicely (both in life and in a recipe). If you are unfamiliar with the show, it is a comedy-drama about a chef who manages his deceased brother’s sandwich shop. When I see...
Blog

AI Platforms Name Cybersecurity Threats and Advice for 2024

With $109.5 billion of growth expected between now and 2030, the global AI cybersecurity market is booming – and it's not hard to see why. According to a recent survey of security professionals, three-quarters ( 75% ) have observed an increase in cyberattacks. Of these, the research found that an even greater proportion (an overwhelming 85%) blamed AI. What is AI's role in cybersecurity, then? Is...
Blog

Browser Security in 2024: Technologies and Trends

What Is Browser Security? Browser security is a set of measures and processes intended to protect users and their data when using web browsers. This includes mechanisms to prevent unauthorized access, safeguard against malicious software and other browser security threats , and ways to protect the privacy of online activities. Essential components of browser security include secure communication...