Blog

Blog

Windows DWM Core Library Elevation of Privilege Vulnerability (CVE-2024-30051)

By Ricardo Narvaja on Mon, 09/09/2024

In this blog post, I will explain a vulnerability in the Microsoft Windows Desktop Windows Manager (DWM) Core library that I analyzed when the exploit for Core Impact was being developed. This vulnerability allows an unprivileged attacker to execute code as a DWM user with Integrity System privileges (CVE-2024-30051).Since there was not enough public information at the time to develop the exploit,...

Blog

What Is the NIST Risk Management Framework (RMF)?

By Antonio Sanchez on Mon, 08/26/2024

The NIST Risk Management Framework, or RMF, is a voluntary 7-step process used to manage information security and privacy risks. By following the NIST RMF, organizations can successfully implement their own risk management programs, maintain compliance, and address the weaknesses that present the greatest danger to their enterprise.

Blog

3 Components of a Proactive Security Strategy

By Mieng Lim on Mon, 07/22/2024

Your organization might have many cybersecurity defenses in place, but defenses alone are not enough to protect you from today’s multi-faceted cyberattacks. Proactively adding a layer of offensive security assessment and testing helps you pinpoint your system weaknesses before they are exploited. Proactive security measures help you stay ahead of attackers by:Identifying vulnerabilities and...

Blog

Major Launches Announced on Release Day 2024.2

Fri, 05/17/2024

About Fortra’s Release Day Each quarter, we at Fortra get to roll out the fruits of our labors for the past few months. We showcase new features, updates, and even products. This Release Day features several groundbreaking projects. We’ve broken into the XDR arena and are thrilled to introduce you to our new offering. We’ve issued major releases for over a half-dozen of our flagship products....

Blog

Going Phishing Isn't Seasonal–Get the Latest Results from 2023's Tournament

By Monica Delyani on Fri, 02/23/2024

Preview the latest global phishing benchmarking results and expert security awareness recommendations from Fortra's Terranova Security 2023 Gone Phishing Tournament.

Blog

How to Recover After Failing a Cybersecurity Audit

Tue, 12/12/2023

While it’s important to adhere to compliance regulations, blunders do happen. What does it mean when these blunders lead to you failing a cybersecurity audit, and how can you recover? Consequences of Failing a Cybersecurity Audit Failing a cybersecurity audit can mean several things. First, there’s the up-front legal fines that come with falling on the wrong side of compliance. Here are a few...

Blog

The Changing Role of Government in Cybersecurity

By Antonio Sanchez on Wed, 11/29/2023

Governments are responsible for carrying out their duties to defend the rights and safety of their citizens. Find out their role in the cyber landscape and how Fortra plays a part.

Blog

Financial Services Cybersecurity: What You Need to Know

By Antonio Sanchez on Wed, 10/11/2023

Today’s financial threat landscape is evolving, and firms are facing record high risk. Learn what’s causing the uptick and which essential cybersecurity practices will ke.ep you safe

Blog

Infographic: How to Protect Your Data from Social Engineering Attacks

Mon, 10/02/2023

Blog

INFOGRAPHIC: How to Protect Your Data from Ransomware Attacks

Wed, 09/27/2023

Ransomware can take on multiple forms. From phishing emails or USB keys containing malicious files to downloaded files from the internet, ransomware takes over your computer and holds your data hostage. Here are 7 tips for prevention.

Blog

INFOGRAPHIC: How to Protect Your Data from Spoofing Attacks

Tue, 09/19/2023

A social engineering attack needs only one thing to be successful: the trust of the targeted party. Here are 7 ways to protect against email spoofing.

Blog

INFOGRAPHIC: How to Protect Your Data from Smishing and Vishing

Mon, 09/11/2023

Smishing and vishing attacks can dupe even the most vigilant users with persuasive, convincing text and voice messages. Here are 6 ways to prevent these types of attacks.

Blog

Accelerating Security Maturity with Fortra Bundles

Tue, 08/29/2023

In The Importance of Layering Offensive Security Solutions, Fortra experts underscore the advantage of developing a single source offensive security tooling portfolio. Read on to find out the necessary ingredients for a proactive strategy and why Fortra’s ability to combine and maximize solutions optimizes security and produces the most effective outcomes.The Five Elements of an Offensive Security...

Blog

Cybersecurity Heats Up in the Summer

Tue, 08/22/2023

Blog

Cobalt Strike and Outflank Security Tooling: Friends in Evasive Places

Wed, 08/09/2023

Blog

INFOGRAPHIC: How to Protect Your Data from Email Phishing Attacks

Wed, 08/02/2023

Responding to a sender, clicking on a link, or downloading a file that may not be trustworthy can lead to data corruption, leaked confidential information, and infected devices or networks. View this infographic to see tips for protecting against phishing attacks.

Blog

Yes, Cybercriminals Can Use ChatGPT to Their Advantage, Too

Thu, 06/22/2023

Blog

Security Awareness: The Groundwork of Cybersecurity Culture

Wed, 05/03/2023

It’s a big world out there, and cybercriminals know you don’t have time for everything. A common fallacy is that they’re lurking in dark basements, bending their brands to maximum capacity to create highly sophisticated exploits that blow any current security system out of the water. More often than not, they’re not.Criminal hackers go after the low...

Blog

9 Examples of Social Engineering Attacks

Fri, 04/14/2023

Blog

An IBM i Hacking Tale

By Pablo Zurro on Thu, 04/06/2023

Discover how penetration testing can be used on IBM i systems to find hidden vulnerabilities in your security. This post breaks down Core Impact's IBM i pen testing process from discovery to privilege escalation.

Windows DWM Core Library Elevation of Privilege Vulnerability (CVE-2024-30051)

What Is the NIST Risk Management Framework (RMF)?

3 Components of a Proactive Security Strategy

Major Launches Announced on Release Day 2024.2

Going Phishing Isn't Seasonal–Get the Latest Results from 2023's Tournament

How to Recover After Failing a Cybersecurity Audit

The Changing Role of Government in Cybersecurity

Financial Services Cybersecurity: What You Need to Know

Infographic: How to Protect Your Data from Social Engineering Attacks

INFOGRAPHIC: How to Protect Your Data from Ransomware Attacks

INFOGRAPHIC: How to Protect Your Data from Spoofing Attacks

INFOGRAPHIC: How to Protect Your Data from Smishing and Vishing

Accelerating Security Maturity with Fortra Bundles

Cybersecurity Heats Up in the Summer

Cobalt Strike and Outflank Security Tooling: Friends in Evasive Places

INFOGRAPHIC: How to Protect Your Data from Email Phishing Attacks

Yes, Cybercriminals Can Use ChatGPT to Their Advantage, Too

Security Awareness: The Groundwork of Cybersecurity Culture

9 Examples of Social Engineering Attacks

An IBM i Hacking Tale

Contact Information

Privacy Policy

Cookie Policy

Impressum