Resources

Blog

VERT Threat Alert: August 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s August 2023 Security Updates, which includes a recently introduced release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1068 on Wednesday, August 9th. In-The-Wild & Disclosed CVEs CVE-2023-38180 A vulnerability in Kestrel could allow for a denial of...
Blog

Protecting Sensitive Data from Insider Threats in PCI DSS 4.0

Safeguarding sensitive data is a huge concern for organizations. One of the biggest challenges they face is the threat posed by insiders who work for the organization. In fact, a report found that 74% of organizations are at least moderately vulnerable to threats from insiders. This has increased spending towards protecting against insider threats...
Blog

Is Your MSP Taking Its Own Security Seriously?

Most small and midsized businesses trust an IT services partner to help them secure their networks. A few years ago, high-profile cyberattacks targeting MSP vendors Kaseya and SolarWinds thrust the security risk of relying on a complex chain of vendors into the technology media and moved the Department of Homeland Security to issue a statement...
Blog

An Introduction to Cyber Threat Intelligence: Key Concepts and Principles

Cyber Threat Intelligence (CTI), or threat intelligence, is evidence-based knowledge established from current cyber threats, gathered from myriad sources to identify existing or potential attacks. Threat intelligence assists in identifying the motives, targets, and attack behaviors of a threat actor and implementing strong defenses from future...
Blog

What is the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) is a set of privacy and security standards put into effect by the European Union (EU). Widely accepted as the world's strictest security and privacy law, GDPR imposes regulations on organizations that target or collect data relating to people in the EU. European Parliament signed GDPR into law in 2016,...
Blog

Understanding Machine Learning Attacks, Techniques, and Defenses

Machine learning (ML) is a subset of Artificial Intelligence (AI), which enables machines and software to automatically learn from historical data to generate accurate output without being programmed to do so. Many leading organizations today have incorporated machine learning into their daily processes for business intelligence. But the ability of...
Blog

Enhanced Data Analysis with Synthetic Datasets

Large data can offer a massive affordable advantage for companies. Scientists, information analysts, marketing professionals, and advertisers rely upon receiving valuable insights from substantial pools of consumer information. When examined correctly, this information can provide valuable insight for organizations that understand how to use it. ...
Blog

ATT&CKing the Center for Internet Security

I recently spoke at a Fortra Webinar about CIS and MITRE. More specifically, I discussed the intersection between the CIS Critical Security Controls, CIS Benchmarks, and MITRE ATT&CK. In this post, I won't go into deep details about the core background, but there are plenty of excellent references available online, including our breakdown of the...
Blog

DSPM and CSPM: What are the Differences?

A few years back, data was constrained to the on-premise infrastructure. Data management, governance, and protection were fairly uncomplicated in this enclosed environment. The emergence of cloud computing and multi-cloud infrastructures has not only introduced more complexity in data management and governance, but it has also increased security...
Blog

What is SWIFT? 8 Things You Need to Know

In our increasingly digital world, global communications and financial interactions are nigh inescapable for anyone in any industry or walk of life. The infrastructure in place for international transactions is complex and layered, containing moving parts that work in tandem to make things like transferring money nearly seamless. Many of those...
Blog

Three Reasons Why Business Security Starts with Employee Education

Human error is a major contributing factor to company data breaches. More than 340 million people may already have been affected by a data breach in the first four months of 2023. With cybercrime rates soaring around the world, it’s clearly an area where investment and expertise are required. While updating laptops with the latest antimalware...
Blog

Reviewing Remote Work Security: Best Practices

Remote work has shifted the mindset away from the old style of employment, showing up to the office every day. However, it seems that more businesses are starting to grab back some of the traditional practice of showing up to the office. The timing is probably helping, as the northern hemisphere is starting to warm up, making the commute to an...
Blog

What We Learned from the 2023 Pen Testing Report

Fortra’s Core Security recently released its 2023 Pen Testing Report, and there’s plenty to see. In this year’s report, IT decision-makers can learn what their peers are saying about why they pen test, how often they pen test, and whether or not they’re pen testing in-house, among other topics. Each year, Core Security collects and produces some...
Blog

The Value of Vulnerability Management

There’s nothing that makes you feel older than realizing how much of your life you have dedicated to a single topic. At what point do you consider yourself an expert? After more than 17 years in vulnerability management, I’m starting to come around to the idea that I might be an expert in the field. Although, the main reason I feel that way is...
Blog

VERT Threat Alert: July 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s July 2023 Security Updates, which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1064 on Wednesday, July 12th. In-The-Wild & Disclosed CVEs CVE-2023-32046 A vulnerability in MSHTML could allow an attacker to execute code in the...
Blog

How the NIS2 Directive Will Impact You

Have you heard of the NIS Directive? The full name is quite a mouthful, "DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on measures for a high common level of cybersecurity across the Union". The informal name has been shortened to the Network and Information Security (NIS) Directive. The aim of the...
Guide

How Managed Services Can Help With Cybersecurity Compliance

Organizations are often overburdened with managing complex tools to handle their most important compliance responsibilities, and in many cases lack the internal headcount to manage those tools with highly-trained expertise. Managed services can solve your security staffing and resource challenges by arming your team with security expertise to maintain optimal compliance. Managed service providers...
Blog

PCI DSS 4.0 Requirements –Test Security Regularly and Support Information Security with Organizational Policies and Programs

The Payment Card Industry Data Security Standard (PCI DSS) has always been a massive security undertaking for any organization that has worked to fully implement its recommendations. One interesting aspect that seems to be overlooked is the focus on the Requirements, and while minimizing the testing necessities. Not only is testing part of the full...
Blog

5 Things Everyone Needs to Know About GRC

Over the following years, the costs associated with cybercrime, projected at $10.5 trillion annually by 2025, will exceed the estimated worldwide cybersecurity spending—$267.3 billion annually by 2026. Leadership needs to change its perspective on managing cyber risks instead of just spending more money to match the losses incurred. Cyber risk...
Blog

Tripwire Patch Priority Index for June 2023

Tripwire's June 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Progress MOVEit. First on the patch priority list this month are patches for the Progress MOVEit Transfer application. An exploit targeting the MOVEit vulnerability CVE-2023-34362 has been recently added to the Metasploit Exploit Framework. ...