4 Reasons risk-based prioritization better aligns with business objectives than CVSS prioritization

Traditionally, organizations have used Common Vulnerability Scoring System (CVSS) scores to prioritize their vulnerabilities. CVSS was created almost two decades ago with the intent of providing "open and universally standard severity ratings of software vulnerabilities." They do a good job of looking for […]

Threat Groups Actively Targeting Higher Education Institutions 

Jan. 2023 Threat Advisory. Summary: Threat intelligence can provide valuable insight into which vulnerabilities are being actively exploited by cybercriminals, and into the potential impact those vulnerabilities could have on your organization. This information helps you prioritize vulnerabilities and determine the most effective patching or mitigation […]
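The two excerpts above make the same point from two directions: a CVSS base score alone ranks by severity, while threat intelligence (is the CVE being exploited, is exploit code public) and asset context (criticality, exposure) change which findings should be patched first. The following Python script is an added worked example, not code from FortifyData or from either post, that contrasts the two orderings on a constructed inventory. The `FINDING-*` labels, the four sample findings and the weighting in `risk_score` are hypothetical and chosen only to show how the rankings diverge.

```python
"""Added example: CVSS-only vs risk-based vulnerability prioritization.

Findings, weights and labels below are constructed for illustration; they are
not from the page or from any vendor's product.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str                 # constructed label, not a real CVE id
    cvss: float              # CVSS v3 base score (0.0 - 10.0) from the scanner
    exploited_in_wild: bool  # reported as actively exploited (threat advisory / KEV catalog)
    public_exploit: bool     # working exploit code is publicly available
    asset_criticality: int   # 1 (lab box) .. 5 (crown-jewel system), from the asset inventory
    internet_exposed: bool   # reachable from the internet


def risk_score(f: Finding) -> float:
    """Scale CVSS severity by threat likelihood, exposure and asset importance.

    The weights are hypothetical; a real program tunes them to its own data.
    """
    threat = 1.0
    if f.exploited_in_wild:
        threat += 1.5        # confirmed exploitation outranks a mere PoC
    elif f.public_exploit:
        threat += 0.75
    exposure = 1.5 if f.internet_exposed else 1.0
    asset = f.asset_criticality / 5.0
    return round(f.cvss * threat * exposure * asset, 2)


def by_cvss(findings):
    """Order findings the traditional way: highest base score first."""
    return [f.cve for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


def by_risk(findings):
    """Order findings by contextual risk: highest risk score first."""
    return [f.cve for f in sorted(findings, key=risk_score, reverse=True)]


# Constructed sample inventory (not real findings)
SAMPLE = [
    Finding("FINDING-A", 9.8, False, False, 1, False),  # critical score, isolated lab host, no known exploit
    Finding("FINDING-B", 7.8, True, True, 5, True),     # high score, exploited in the wild, internet-facing crown jewel
    Finding("FINDING-C", 8.8, False, True, 3, True),    # high score, public PoC, exposed, mid-tier asset
    Finding("FINDING-D", 5.3, True, True, 4, False),    # medium score, actively exploited, internal but important
]

if __name__ == "__main__":
    print("CVSS order :", by_cvss(SAMPLE))
    print("Risk order :", by_risk(SAMPLE))
    for f in sorted(SAMPLE, key=risk_score, reverse=True):
        print(f"{f.cve}: cvss={f.cvss} risk={risk_score(f)}")
```

Run as a script, the CVSS ordering puts FINDING-A (9.8, lab host, no exploit) first, while the risk ordering puts it last and moves FINDING-B, a 7.8 that is exploited in the wild on an exposed critical asset, to the top. The multiplicative weighting is deliberate: a finding with no threat activity on a low-value internal host cannot climb the list on base score alone, which is the behaviour the risk-based argument above describes.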

APT Group Targeting Higher Education

How APT Group Mustang Panda is Targeting Higher Education. Threat Advisory, Higher Education, Sep-Nov 2022. Universities and colleges are not exempt from the increasing attention of threat groups. In this post we give an overview of a trending APT group targeting higher education, highlight the CVEs that group is targeting, […]

NSPM-33 Research Cybersecurity Guidance

This post provides background on National Security Presidential Memorandum-33 (NSPM-33) for research institutions that receive federal support, explains whom it applies to, and focuses on the research security program requirements. Recently the National Science and Technology Council developed implementation guidance, in conjunction with the White House Office of Science and […]

Third-Party Cyber Risk Management: Automating Product and Service Specific Assessments

Digital transformation and an interconnected supply chain that leverages third-party software to fulfill business needs are placing a high priority on assessing third parties and their services. Traditional third-party risk assessments and first-generation security-ratings products do not provide the level of visibility […]

FortifyData’s Alignment with NIST SP 800-40

While patching systems has long been a common IT function, organizations vary greatly in their processes. NIST SP 800-40, the "Guide to Enterprise Patch Management Planning," provides structure for the organizational process of patch management. Within the software vulnerability management lifecycle, found in section […]

How Old Vulnerabilities Introduce Zero-Day Risks

Earlier this year a joint cybersecurity advisory from U.S. and allied cybersecurity authorities identified the top routinely exploited vulnerabilities (CVEs) of 2021. We noted in a blog post about the advisory that, of the vulnerabilities on the list, 25% were identified in 2020 or earlier […]

Threat Advisory: Chromium Zero Day (MS Edge and Google Chrome)

Threat: Chromium Zero Day (MS Edge and Google Chrome)
Vulnerability: CVE-2022-2294
CVSS: 8.8 HIGH
Vulnerability Publication Date: 07/07/2022
Exploits Available: Yes, private
Description: There is very little information available about this vulnerability other than that it has been exploited in the wild. Both […]