Blog
BEC Global Insights Report: September 2024
By John Farina on Tue, 10/08/2024
The monthly Global BEC Insights Report from Fortra presents a comprehensive analysis of the latest tactics, techniques, and procedures (TTP) employed by BEC threat actors. This report draws on extensive intelligence gathered from hundreds of active defense engagements conducted throughout the month. Key insights include geolocation data, attack volume, and the variety of scams, such as payroll diversion and advance fee fraud. The report also highlights the use of gift cards in scams, the requested amounts in wire transfer fraud, and the banks and webmail providers frequently targeted by attackers. These findings provide a critical understanding of the evolving BEC threat landscape.
Blog
Fortra Insights: Customer Cybersecurity Challenges and Plans for 2025
By Lisa Lombardo on Thu, 10/03/2024
Fortra’s cybersecurity experts share insights into their customers’ top concerns and strategies for 2025. This article uncovers how businesses prepare to navigate the evolving cybersecurity landscape, from static budgets to compliance pressures and modern threats.
Blog
Advanced Task Creation: Using Variables and Loops in Automate
By EJ Stanley on Thu, 10/03/2024
Learn how to use variables and loops to build stronger RPA using Fortra’s Automate.
Blog
Election Integrity at Risk: Safeguarding 2024’s Global Polls from Cyber Attacks
By Antonio Sanchez on Tue, 10/01/2024
As the world prepares for the 2024 election cycle, cybersecurity, disinformation, and AI-driven manipulation are emerging as major threats to democratic processes. From deepfakes to foreign influence campaigns, the risks to election integrity are growing. Individuals, businesses, and governments must unite to protect global elections from these evolving challenges.
Blog
Are Younger Generations Losing Faith in Cybersecurity? The Oh, Behave! Report Investigates
By Antonio Sanchez on Fri, 09/27/2024
Times have changed since the happy-go-lucky internet days of the dot-com boom. Find out just how much, what that means, and what cybersecurity practitioners can do about it.
Blog
CVE-2024-6769: Poisoning the Activation Cache to Elevate From Medium to High Integrity
By Ricardo Narvaja on Thu, 09/26/2024
This blog is about two chained bugs: Stage one is a DLL Hijacking bug caused by the remapping of ROOT drive and stage two is an Activation Cache Poisoning bug managed by the CSRSS server.The first stage was presented in detail at Ekoparty 2023 in the presentation called "I'm High" by Nicolás Economou from BlueFrost Security. He explained how to exploit the vulnerability which, at the time, had not...
Blog
BEC Global Insights Report: August 2024
By John Farina on Thu, 09/26/2024
The monthly Global BEC Insights Report from Fortra presents a comprehensive analysis of the latest tactics, techniques, and procedures (TTP) employed by BEC threat actors. This report draws on extensive intelligence gathered from hundreds of active defense engagements conducted throughout the month. Key insights include geolocation data, attack volume, and the variety of scams, such as payroll diversion and advance fee fraud. The report also highlights the use of gift cards in scams, the requested amounts in wire transfer fraud, and the banks and webmail providers frequently targeted by attackers. These findings provide a critical understanding of the evolving BEC threat landscape.
Blog
3 Ways Malware Can Reach Your IFS
Tue, 09/24/2024
It's true that IBM i can't be infected by a PC virus. It's also true that the IFS can act as a host and spread malicious programs throughout your environment.
Blog
Using Reviews to Choose RPA Software
Thu, 09/12/2024
Analyze RPA reviews with a more critical eye to better understand how a robotic process automation vendor can meet your organization’s needs.
Blog
Patch Tuesday Update September 2024
By Tyler Reguly on Thu, 09/12/2024
Today, we get four vulnerabilities that have seen active exploitation, one of which has also been publicly disclosed.
Blog
Windows DWM Core Library Elevation of Privilege Vulnerability (CVE-2024-30051)
By Ricardo Narvaja on Mon, 09/09/2024
In this blog post, I will explain a vulnerability in the Microsoft Windows Desktop Windows Manager (DWM) Core library that I analyzed when the exploit for Core Impact was being developed. This vulnerability allows an unprivileged attacker to execute code as a DWM user with Integrity System privileges (CVE-2024-30051).Since there was not enough public information at the time to develop the exploit,...
Blog
Malware, Ransomware, and Viruses vs Your IBM i Server
By Sandi Moore on Tue, 09/03/2024
Many of us have heard that you can’t get a virus on this platform, but the reality is that the integrated file system (IFS) is a tree-like structure. This structure can house Word documents, PDFs, MP3s, JPEG images, and these files can be just as infected on the IBM i server as they can on any Windows work station or server.
Blog
Is Your Data REALLY Safe on the IBM i (AS/400)?
By Tom Huntington on Thu, 08/29/2024
Discover the three things you can do, starting today, to ensure your data is properly secured on your IBM i (AS/400).
Blog
Troubleshooting Advanced Web UI Automation Issues
By Darrell Walker on Thu, 08/29/2024
When web browser automation challenges arise, use these helpful Automate tips and tricks for troubleshooting issues and building stronger automation.
Blog
Introduction to Advanced Web UI Automation
By Darrell Walker on Thu, 08/29/2024
Learn web browser automation best practices using Fortra's Automate. Easily build out automations for web processes involving browsers and portals to eliminate manual tasks.
Blog
The Password Atmosphere – Problem, or Progress?
By Lisa Lombardo on Mon, 08/26/2024
Password security has evolved from simple physical protections to complex, multi-factor authentication systems. Experts suggest that while traditional passwords are becoming outdated, combining them with new technologies like biometrics and passkeys offers stronger security. Future trends point towards more user-friendly yet robust methods to safeguard digital access.
Blog
What Is the NIST Risk Management Framework (RMF)?
By Antonio Sanchez on Mon, 08/26/2024
The NIST Risk Management Framework, or RMF, is a voluntary 7-step process used to manage information security and privacy risks. By following the NIST RMF, organizations can successfully implement their own risk management programs, maintain compliance, and address the weaknesses that present the greatest danger to their enterprise.
Blog
Comparing RPA Platforms: Fortra’s Automate vs. Microsoft’s Power Automate
By EJ Stanley on Tue, 08/20/2024
See a head-to-head matchup between RPA platforms—Fortra’s Automate vs. Microsoft’s Power Automate—and compare licensing, functionality, support, and more.
Blog
Why Document Management Projects Fail
By Greg J. Schmidt on Mon, 08/19/2024
Find out how to make sure your document management project is a success.