The evolution of the cyber threat landscape highlights the need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Known unpatched vulnerabilities are often exploited by criminals to penetrate Industrial Control Systems (ICS) environments and disrupt critical operations. Although the terms “patch management” and...

On August 10th, the Pentagon introduced " Task Force Lima ," a dedicated team working to bring Artificial Intelligence (AI) into the core of the U.S. defense system. The goal is to use AI to improve business operations, healthcare, military readiness, policy-making, and warfare. Earlier in August, the White House announced a large cash prize for individuals or groups that can create AI systems to...

It's nothing new for cybercriminals to use sneaky HTML tricks in their attempt to infect computers or dupe unsuspecting recipients into clicking on phishing links. Spammers have been using a wide variety of tricks for years in an attempt to get their marketing messages past anti-spam filters and in front of human eyeballs. It's enough to make you wish that email clients didn't support HTML at all...

In this era shaped by digital innovation, the concept of Secure by Design is a critical safeguard against cyber threats. Read on to delve into the essence of Secure by Design and its profound relevance in today's technology landscape. As cyberattacks grow more sophisticated, comprehending the proactive principles behind secure design is paramount to ensuring a resilient and protected digital...

The importance of cybersecurity is no secret in our increasingly digital world. Even individuals who have no experience or expertise in tech or related fields are aware of the threat of hacking, phishing, and the like. It can be difficult, however, to actually quantify the risks of being targeted by these attacks. Keeping track of the trends in cyberthreats, the different attackers and types of...

The then-new 2014 NIST Cybersecurity Framework (CSF) was designed to plug security gaps in operational technology. It’s still in use today and more relevant than ever. Fortra’s whitepaper provides a cohesive review of this security staple and how to glean the best out of it for your strategy. A Brief History of NIST CSF “The full maximum NIST Cybersecurity Framework is about as big an umbrella as...

In July 2021, the White House established a voluntary initiative for industrial control systems (ICS) to promote cooperation between the critical infrastructure community and the federal government. The fundamental purpose of the initiative was “to defend the nation’s critical infrastructure community by encouraging and facilitating the deployment of technologies and systems that provide threat...

The cybersecurity industry is one in which staying in the loop on recent developments is incredibly important. Because technologies, industry conditions, and the threat landscape all change so frequently, it can be difficult to remain up to date on news, standard practices, and significant threats. Written articles can be of great help in this endeavor, but another great tool is the vast realm of...

Patience is one of those time-dependent, and often situational circumstances we experience. Few things define relativity better than patience. Think of the impatience of people who have to wait ten minutes in a line at a gas station, yet the thought of waiting ten minutes for a perfectly brewed cup of coffee seems entirely reasonable. It can’t be about the cost, since even the smallest cup of...

In the rapidly evolving realm of digital security, staying ahead of cyber threats requires continuous learning and collaboration. Cybersecurity conferences stand as beacons of knowledge, drawing experts and enthusiasts from across the globe. We’ve curated a list of the top eight cybersecurity conferences, each a melting pot of insights, innovations, and networking opportunities . From the renowned...

What's happened? The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning organisations about a ransomware-as-a-service operation called "Snatch." Snatch? As in the movie from twenty odd years ago? I'm not sure I've heard of Snatch before... Maybe you haven't. They don't have as high a profile as some of the other more notorious ransomware...

Malicious packages consist of software embedded with code that is capable of causing harm to an entire system or network . This is a rapidly growing threat affecting open-source software and the software supply chain. This attack method has seen a nearly 12,000% increase from 2022 to 2023, as reported by Synk . Some reasons include its technical feasibility, the potential for high returns, and the...

In an increasingly digitized world, the threat of cybercrime looms larger than ever. The FBI's relentless pursuit of cybercriminals remains a critical defense against this growing menace. We’re well into 2023, and the FBI's Most Wanted Cybercriminals list takes center stage, highlighting the individuals who pose significant threats to our digital security. Join us in exploring their profiles and...

When building a tower, it helps to start with a sturdy foundation. Cyber maturity is the tower, and there are three levels that build it: Foundational IT/OT & Security Control Processes Fundamental Security Control Capabilities Advanced Security Control Capabilities Fortra occupies a unique space in the industry because of the sheer size of the security portfolio. It’s one thing to advocate for...

Do you remember where you were on 25th May 2018? Perhaps you were enjoying a Friday night drink with friends. Perhaps you were with family, relaxing after a busy week at work. I was actually having a GDPR Birthday party with friends and colleagues because 25th May 2018 was a landmark day for the world of Data Protection (yes, seriously, we had a party!). But the funny thing about the effective...

Non-compliance in cybersecurity marks a grave oversight. It involves neglecting established security protocols, leaving organizations vulnerable to malicious actors. Read on as we examine the potential risks of non-compliance, including heightened susceptibility to cyberattacks, the specter of data breaches, and the erosion of a company's hard-earned reputation. Risks of Non-Compliance Non...

The social media landscape has undergone dramatic change in recent years. Elon Musk bought Twitter and changed its name to "X." Mark Zuckerberg bought Instagram and WhatsApp before launching Threads to capitalize on Twitter's recent PR disasters. TikTok came out of nowhere to become the platform of choice for Gen Z. One thing, however, has stayed the same. Facebook remains, somewhat surprisingly...

How to Build an Effective ICS Security Program Of all the different areas of cybersecurity, not many are as important, or have as far-reaching consequences as industrial control systems (ICS) security. While most relevant organizations would agree that ICS security is a significant concern for their operations, it is easier said than done. Many find it difficult to put into practice the measures...

What's happened? CISA, the United States's Cybersecurity and Infrastructure Security Agency, has ordered federal agencies to patch their iPhones against vulnerabilities that can be used as part of a zero-click attack to install spyware from the notorious NSO Group. A "zero-click attack"? That's an attack that doesn't require any interaction from the user. Often times a malicious hacker requires a...

Fileless malware, true to its name, is malicious code that uses existing legitimate programs in a system for compromise. It operates directly in the Random Access Memory (RAM) without requiring any executable files in the hard drive. Differing from conventional malware, fileless attacks are stealthier in nature, falling under the category of low-observable characteristics (LOC) attacks. Since...