Rebuilding a cybersecurity framework is remarkably similar to renovating a home. It’s time consuming, expensive, and, frankly, something that most people try to put off. However, just like a burst pipe or house fire would force you to renovate your home, there are certain indicators and situations that should prompt an immediate framework rebuild, regardless of budget constraints. This might...

Does there have to be tension between security and compliance? They’re certainly not the same, as I note in my previous blog, Security vs. Compliance: What’s the Difference? It’s never been fun to have to show your work, and nobody wants to be a nag, so how can the groups come together to create something stronger than the individual parts? Here are a few ways to create that winning alliance....

If the breach doesn’t get you, the fines will. According to the latest Cyber Readiness Report by SMB-focused insurer Hiscox, after being breached, one in three organizations were hit with fines large enough to impact their financial health.This could result from doing business in multiple markets - California, the EU, and Canada, for example - and accruing respective fines of thousands or even...

Normally when we write about a malware operation being disrupted, it's because it has been shut down by law enforcement. But in the case of Lumma Stealer, a notorious malware-as-a-service (MaaS) operation used to steal passwords and sensitive data, it appears to have been sabotaged by other cybercriminals.Lumma Stealer, also known as Water Kurita and Storm-2477, first came to prominence in 2022...

Some network projects, like equipment upgrades, training initiatives, and reporting, just never seem to get done. For a pep talk and practical tips to get started, keep reading.

There’s a common misconception: If organizations don’t use their domain to send email, they think DMARC is unnecessary. That couldn’t be farther from the truth. Imagine you don’t drive your car. You want to let everybody know that you don’t drive it, so if they see it around town, they know it’s not you - and something’s amiss. Fortra recently surveyed the top 10 million domains on the internet...

With network monitoring capabilities, an organization can easily measure the performance they receive from their service provider and compare these statistics against the checkpoints included in the SLA.

In the last few years, Turkey has found itself increasingly in the crosshairs of bad actors. In Q3 2023, phishing rose sharply with a 20% jump from the previous quarter and a 47% spike year-on-year. The country is also a key target for cyberattacks on industrial control systems. Cyber threats travel fast, while laws usually do not, but in Turkey, that gap is narrowing. What started as a bunch of...

The UK's National Cyber Security Centre (NCSC) has warned that the country faces an average of four "nationally significant" cyberattacks each week - a sharp 129% increase from the previous year.Of a total of 429 incidents handled by the NCSC, a record 204 were classified as nationally "significant," and 18 ranked even more seriously as "highly significant" (meaning that they had the potential to...

It was the most significant breach ever reported, but its origins were not uncommon. The 2024 Change Healthcare ransomware attack, which affected 190 million individuals and came with a price tag of $2.6 billion (and counting), started with an unauthorized intrusion.We spend billions of dollars annually on the best cybersecurity equipment innovated to date, but more and more, attackers are skating...

Fortra's September 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Adobe and Google. Up first on the list are Chromium and Microsoft Edge (Chromium-based) patches that resolve five issues, including use after free, inappropriate implementation, and security feature bypass vulnerabilities. Next are patches for Microsoft Office, Word, Excel, PowerPoint, and...

Security alerts never stop; they flood in, one after another. AI runs quietly in the background, sorting through a plethora of data, making snap decisions, and raising red flags when it finds anomalies. Unfortunately, somewhere else, bad actors are running similar algorithms, monitoring, probing, and learning. Efficiency (speed and scale) isn’t the danger, nor is the way security teams use these...

What's happened?The Scattered LAPSUS$ Hunters hacking group claims to have accessed data from around 40 customers of Salesforce, the cloud-based customer relationship management service, stealing almost one billion records.Ouch! What organisations have been affected?On its dark web leak site, the hackers list numerous organisations whose Salesforce instances it claims to have breached via social...

Learn why Data Security Posture Management (DSPM) is critical to your zero trust architecture and an excellent starting point for building security resilience.

New research reveals that 81% of consumers would lose trust in a brand if their personal data was breached — even once. The 2025 CISO Benchmark Report, published by the Retail and Hospitality ISAC (RH-ISAC), examines the effects of digital transformation on cybersecurity initiatives within these sectors. Notably, the report emphasizes the need to secure the digital core, champion cybersecurity...

Cyber threats never wait for regulatory certainty. They exploit ambiguity, move through supply chains, and turn compliance gaps into points for entry. In Mexico, the regulatory picture is still forming, defined more by what it implies than what it demands. Mexico also ranks among the hardest-hit countries in Latin America when it comes to cyber threats. By 2024, the country accounted for more than...