Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

December 2024

The State of Security in 2024: The Fortra Experts Take a Look

At Fortra, we like to encourage a collaborative environment. One of the ways we bring our community together is through our Transformer meetups which aim to provide a positive, energizing, and fun hub for all Fortra employees to learn how to be innovative, get inspired by others, and reach their creative potential. Our most recent meetup was moderated by myself and our panelists were Tyler Reguly, John Wilson, Bob Erdman, and Nathan Ramaker.

4 Security Controls Keeping Up with the Evolution of IT Environments

The rapid adoption of cloud technology in the past few years has transformed IT environments, enabling unprecedented opportunities for flexibility, scalability, and collaboration. However, this transformation has introduced a potentially dangerous level of complexity into these environments – recent research from PwC revealed that 75% of executives report too much complexity in their organizations, leading to ‘concerning’ cyber and privacy risks.

Silent Heists: The Danger of Insider Threats

When thinking about cybersecurity, we envision malicious actors working in dark basements, honing their tools to invent cunning new ways to breach our defenses. While this is a clear and present danger, it's also important to understand that another hazard is lurking much closer to home - the insider threat. These attacks have devastated entities in all sectors, with severe repercussions. These incidents can vary from straightforward acts of fraud or theft to more elaborate sabotage attempts.

CIS Control 08: Audit Log Management

Audit logs provide a rich source of data critical to preventing, detecting, understanding, and minimizing the impact of network or data compromise in a timely manner. Collection logs and regular reviews are useful for identifying baselines, establishing operational trends, and detecting abnormalities. In some cases, logging may be the only evidence of a successful attack. CIS Control 8 emphasizes the need for centralized collection and storage and standardization to better coordinate audit log reviews.

Managing NERC CIP Patching Process With Tripwire Enterprise and Tripwire State Analyzer

One of the hardest parts of managing an organization’s cybersecurity is patch management. Just as one patch cycle is completed, another set of patches are released. When compounded with the highly regulated energy industry, governed by the NERC CIP Standards, the task becomes even more daunting. Fortunately, Fortra’s Tripwire Enterprise (TE) and Tripwire State Analyzer (TSA) can ease the process.

How the Cyber Essentials Certification Can Help Your Business

Cybersecurity is a vital concern for organisations, but many security strategies fall short: recent research shows that 44% of UK companies are lacking in basic cybersecurity skills. The consequences of poor security go far beyond the direct impacts of cyberattacks, and the benefits of effective security are numerous as well.

London's CNI is Under Threat

London is one of the smartest and most interconnected cities in the world. Digital infrastructure plays a role in almost every facet of society, streamlining public transport, improving healthcare provision, boosting sustainability, and more. However, this reliance on technology has left London’s critical national infrastructure (CNI) perilously vulnerable to digital attacks.

Digital Threats, Real Losses: Cyber Risks to Retail Operations

The success of retailers depends on being able to offer consumers what they want. That means, for example, stocking Halloween costumes in October, turkeys in November, and Christmas decorations in December. Cybercriminals are all too aware of this fact and more than willing to capitalize on it, typically for financial gain or to cause disruption.

What's the Difference Between DSPM, CSPM, and CIEM?

DSPM, CSPM, and CIEM are more than just a mouthful of acronyms. They are some of today’s most sophisticated tools for managing data security in the cloud. While they are all distinct entities and go about protecting data in different ways, the fact that they all seem to do very much the same thing can lead to a lot of confusion. This, in turn, can sell each of these unique solutions short – after all, they were all created in response to a specific problem.

27 DDoS-For-Hire Services Disrupted In Run-Up To Holiday Season

In a co-ordinated international effort, the law enforcement agencies of 15 countries have made the holiday season a little less stressful for companies and consumers - by seizing control of some of the internet's most popular DDoS-for-hire services. Operation PowerOFF has disrupted what was anticipated to be a surge of distributed denial-of-service (DDoS) attacks over the Christmas period by taking over two dozen "booter" or "stresser" websites offline.

CIS Control 09: Email and Web Browser Protections

Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successful social engineering attack needs to convince users to interact with malicious content. A successful attack could give an attacker an entry point within an organization. CIS Control 9 provides several safeguards to ensure the safety of external information.

Maximizing Security Data in Splunk with Tripwire's New App

In today’s data-driven world, collecting information is just the beginning. The real value lies in transforming raw data into actionable insights that drive decisions. For enterprise security, this means making data not only accessible but also organized, relevant, and easy to analyze.

Understanding the EU Cyber Resilience Act: A New Era for Digital Product Security

Cyber resilience is a constant topic of concern in technology and cybersecurity, as it approaches security from the standpoint of assuming that attacks are inevitable rather than solely attempting to prevent them. Layered cybersecurity is crucial to ensure comprehensive defense against a wide range of threats.

8 Emerging Cybersecurity Scams And Their Implications For The Future

Technological advances usually lead to a brighter future. While that may be true, these developments could also be used to refine and increase cybersecurity scams. Attackers do not care about who they target as long as they get people's and establishments' information and credentials. Cybersecurity professionals must be aware of the current scams plaguing the digital world and how to combat them. Here are a few examples and their implications for the future.

Steps for Successful Vulnerability Management: Lessons from the Pitch

When I was younger, I played a variety of team sports and enjoyed competing against opponents with my teammates. Winning was always a matter of applying sound tactics and strategy, attacking and defending well and using a blend of skill, talent and luck.

CIS Control 10: Malware Defenses

With the continuing rise of ransomware, malware defenses are more critical than ever before with regard to securing the enterprise. Anti-Malware technologies have become an afterthought in many organizations, a technology that they’ve always had, always used, and never really thought about. This control serves as a reminder that this technology is as critical as it ever was and lays out the minimum requirements for ensuring your malware defenses are up to the task.

Tech Support Scams Exploit Google Ads to Target Users

It's not a new technique, but that doesn't mean that cybercriminals cannot make rich rewards from SEO poisoning. SEO poisoning is the dark art of manipulating search engines to ensure that malware-laced adverts and dangerous websites appear high on users' results - often impersonating legitimate businesses and organisations. But the simplest way of all to get a malicious website in front of a potential victim is to create a Google advertising account, and buy your way to the top of the search results.

Avoiding Pitfalls in Vulnerability Management: Key Insights and Best Practices

Vulnerability management (VM) has always been a complex area of concern that requires continuous and active effort to work properly. This can make it challenging for organizations to maintain their VM strategies and solutions over time, as there are many angles to secure and processes to oversee. There are a wide range of potential ways that VM can go wrong, and it is essential for organizations to avoid the many pitfalls associated with it.

Cyber-Safe Shopping: Protect Yourself from Holiday Scams and Cyber Threats

The holiday shopping season is here, and while it brings excitement and joy, it also opens opportunities for cybercriminals to exploit unsuspecting shoppers. With more people buying gifts online and taking advantage of holiday deals, the risk of falling victim to cyberattacks increases. Whether you're shopping from your desktop, mobile device, or in-store, it's essential to be aware of common threats and take steps to protect yourself.

Security Threats Facing LLM Applications and 5 Ways to Mitigate Them

Large Language Models (LLMs) are AI systems trained on vast textual data to understand and generate human-like text. These models, such as OpenAI’s Chat GPT-4 and Anthropic Claude, leverage their wide-ranging language input to perform various tasks, making them versatile tools in the tech world. By processing extensive datasets, LLMs can predict subsequent word sequences in text, enabling them to craft coherent and contextually relevant responses.

Diversity Can Be a Powerful Tool in Combating Increasing Cybersecurity Threats

The issue of diversity in the cybersecurity sector has been present since the early days of IT companies. The public perception of a cybersecurity professional carries with it a specific image of the kind of person who works in IT and cybersecurity, and many minority groups—including women, people of color and ethnic minorities, and disabled and neurodivergent people—are heavily underrepresented in the workforce.