Blog RSS Feed Fortra Blog
- The Role of Security Configuration Management in Achieving Zero Trust Security Architecturesby Faisal Parkar on November 21, 2024 at 9:08 am
Zero Trust is a network security model that dictates that no one or no system should be trusted by default and that every attempt to access a network or application is a threat. For those who are naturally trusting of others, this concept is difficult to accept. However, distrusting every entity on a network until it has been verified is imperative today. Security Configuration in Zero Trust When you have a multitude of platforms from a variety of vendors with different asset models, it becomes a challenge to ensure consistency across these assets. Therefore, it is crucial to ensure not only…
- CIS Control 12: Network Infrastructure Managementby Matthew Jerzewski on November 20, 2024 at 9:40 am
Networks form a critical core for our modern-day society and businesses. These networks are comprised of many types of components that make up the networks’ infrastructure. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points. Unfortunately, many devices are shipped from manufacturers with “default” configuration settings and passwords that, if deployed as-is, can significantly weaken an organization’s network infrastructure. Even if network devices are hardened with non-default configurations and strong…
- Essential Security Best Practices for Remote Workby Fortra Staff on November 20, 2024 at 9:40 am
As we continue to embrace remote work, it’s crucial to keep our security practices sharp to protect both company and personal data. With increasing cyber threats, adhering to security best practices helps us safeguard our information and maintain our productivity. Here’s a quick guide to help you stay vigilant and secure while working remotely. Secure Your Home Office Pick a space that is private. Do not allow family or friends to use your work devices. Do not use your work devices for personal use. Lock your device when you must step away. Stay in Communication Stay connected with the company…
- BEC Cost Citizens Worldwide Over $55bn in Last 10 Yearsby PJ Bradley on November 19, 2024 at 10:04 am
Business email compromise (BEC) is a sophisticated type of phishing that uses social engineering and deception to obtain access to sensitive accounts, networks, and data. In these attacks, bad actors pose as organization executives to request funds transfers from other members of the organization. Playing on the trust that employees place in executives, this scam demands that the attacker gather information about the structure of the organization and the individual they plan to impersonate. The FBI’s Internet Crime Complaint Center (IC3) recently published a public service announcement…
- The Future of Cybersecurity: Why Vendor Consolidation is the Next Big Trendby Jeff Moline on November 19, 2024 at 9:20 am
The cybersecurity landscape is constantly changing as new technologies and threat trends emerge. Maintaining an effective cybersecurity strategy over time requires updating tools and practices with the evolution of cyberattacks, security capabilities, and business operations. Implementing the best tools for the most pressing issues as they arise has been the predominant tactic for many organizations. However, some cybersecurity leaders believe that this approach is no longer sufficient for addressing modern threats. Vendor sprawl makes for a large and complex attack surface, leading to…
- Identity Fraud and the Cost of Living Crisis: New Challenges for 2024by PJ Bradley on November 18, 2024 at 9:19 am
Fraud is a rampant threat to individuals and organizations worldwide and across all sectors. In order to protect against the dangers of fraud in its many forms, it is vital to stay in the loop on the latest fraud trends and the threat landscape. The Fraudscape 2024 report from Cifas, the UK’s Fraud Prevention Community, is an effort to share this information to help prevent fraud. The report is compiled using data from Cifas’ National Fraud Database (NFD), Insider Threat Database (ITD), and intelligence from members, partners, and law enforcement agencies. According to the report…
- Cyberbiosecurity: Where Digital Threats Meet Biological Systemsby Dilki Rathnayake on November 18, 2024 at 9:19 am
Cyberbiosecurity has emerged as an essential area of interest as the boundaries between the digital and biological sectors continue to blur. With rapid advancements in areas such as artificial intelligence, automation, and synthetic biology, the need for strong cyberbiosecurity protections has grown to safeguard the bioeconomy. As biotechnology evolves, it creates a complex landscape where breaches can have consequences far beyond typical cyber risks. Cyberbiosecurity is about securing the foundation of our biological future. Cyberbiosecurity, also known as Biocybersecurity, is an…
- ShrinkLocker Ransomware: What You Need To Knowby Graham Cluley on November 14, 2024 at 3:16 pm
What is ShrinkLocker? ShrinkLocker is a family of ransomware that encrypts an organisation’s data and demands a ransom payment in order to restore access to their files. It was first identified by security researchers in May 2024, after attacks were observed in Mexico, Indonesia, and Jordan. So far, so normal. What makes it noteworthy? The ShrinkLocker ransomware is unusual because it uses VBScript and Microsoft Windows’s legitimate security tool BitLocker to assist with the encryption of victims’ files. Hang on. You mean BitLocker, the full-disk-encryption feature that’s supposed to boost…
- Exploring the Security Risks of VR and ARby Chester Avey on November 14, 2024 at 8:42 am
In an era where innovative technologies are emerging left, right, and center, two of the most influential in recent years are experiencing exponential growth. Virtual Reality (VR) and Augmented Reality (AR) are immersive technologies that have now firmly integrated into numerous industries. As these technologies have become more prevalent in our personal and professional lives, they bring with them security and privacy challenges that are hard to overlook. In addition, recent VR/AR security threats (such as the Quest VR attack on Meta) could certainly diversify and multiply if left unmitigated…
- CIS Control 13: Network Monitoring and Defenseby Matthew Jerzewski on November 13, 2024 at 9:21 am
Networks form a critical core for our modern-day society and businesses. People, processes, and technologies should be in place for monitoring, detecting, logging, and preventing malicious activities that occur when an enterprise experiences an attack within or against their networks. Key Takeaways for Control 13 Enterprises should understand that their systems and networks are never perfectly immune to a cyberattack. Enterprises can leverage the safeguards provided by Control 13 to guide the evolution and maturity of their security posture. Network monitoring and defense should be viewed as a…