Blog
Blog

Remote Code Execution Vulnerability in IBM i CVE-2023-30990

Fri, 07/07/2023
Fortra’s Vulnerability Research Team (VRT) has provided a scan check for CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service in Fortra VM.Per an IBM security bulletin, IBM i is vulnerable to a remote attacker executing arbitrary unauthenticated CL commands as a QUSER, a workstation user role without special authorities, due to weak error handling in the DDM architecture.IBM i DDM...
Vulnerability Management
Blog

Supply Chain Risk

By Antonio Sanchez on Thu, 07/06/2023
The supply chains of today’s global economy rely heavily on technology and information systems to deliver finished goods and services to the end user. However, for all the benefits of a hyperconnected economy this introduces, supply chains also carry with them a high degree of risk.
Thumbnail image of man sitting at computer
Blog

Cyber Insurance - Assessing Risks and Securing Your Future

By Antonio Sanchez on Thu, 06/29/2023
Cyber insurance is not the most glittering side of cybersecurity, but it has certainly earned its place in today's security debate. According to Statista, as of 2021, an average of 48 percent of organizations in selected countries worldwide had cyber insurance, with numbers being slightly higher for countries such as the U.S. (50 percent), Sweden (55 percent), and Austria (66 percent). Current...
infosec-thumbnail
Blog

Infosecurity Europe 2023 – That’s a Wrap!

By Nick Hogg on Tue, 06/27/2023
Infosecurity Europe has closed its doors for another year. The aftermath of these events can be a strange time; still reeling from the chaos of the show floor and nursing feet unaccustomed to such intense use, it’s often difficult to make sense of everything we’ve learned.
amy-thumbnail
Blog

Fostering a Top-Notch Customer Experience

Tue, 06/20/2023
As VP of Customer Operations, Amy Vogsland is all about customer experience. She leads a global department of 100 people who have exquisite attention to detail on all matters related to accounts, renewals, invoicing, and licensing.
Vulnerability Research

Patch Tuesday Update - June 2023

Tue, 06/13/2023
Today’s Microsoft Security Update addressed 78 vulnerabilities, including 6 that are rated as Critical. None of the vulnerabilities included in the Patch Tuesday release appear to be currently exploited in the wild.Of note, Microsoft SharePoint Server Elevation of Privilege Vulnerability (CVE-2023-29357) appears to allow an attacker to bypass authentication using a spoofed JWT authentication token...
Vulnerability Management
Blog

Fortra VM 6.5.4 Updates

By Mieng Lim on Wed, 05/31/2023
Every release helps update and pave the way for additional features and improvements. Based off of user feedback, here are the recent updates for Fortra VM (formerly Frontline VM).Linux AgentScan Linux assets that are not always connected to the network during normal network-based scan. Install and configure a schedule for Agents to check-in after the initial baseline scan is completed. Agents...
Vulnerability Management
Blog

How Enterprise VM Keeps Up with Modern Threats

By Mieng Lim on Tue, 05/23/2023
Vulnerability management is known for being a foundational cybersecurity practice. While open-source VM solutions have perhaps provided an introduction to the benefits of VM, the modern threat landscape makes it so organizations need more advanced and reliable tools to stay secure. Here’s why enterprise grade VM solutions are more essential now than ever. Beating complexity with technology...
Vulnerability Management
man working
Blog

Data Classification and Data Loss Prevention (DLP): A Comprehensive Data Protection Strategy

Tue, 05/23/2023
Data is the world’s currency and has been for some time. Protecting data should be at the top of the list for organizations of any size, and the heart of any security strategy. Think about it: the purpose of any firewall, email solution, compliance regulation, or XDR platform is to keep data safe. Why not cut to the heart of it with a dedicated Data Loss Prevention (DLP) solution? And why not...
Data Loss Prevention
Data Classification
Zero Trust Security
Blog

Key Insights for Zero Trust in 2023

By Antonio Sanchez on Mon, 05/08/2023
With the release of the 2023 Zero Trust Security Report, it’s a good time to reflect on the seismic shifts that have happened in the industry regarding network security. Discover key insights and impacts of Zero Trust in 2023.
woman and laptop
Blog

Security Awareness: The Groundwork of Cybersecurity Culture

Wed, 05/03/2023
It’s a big world out there, and cybercriminals know you don’t have time for everything. A common fallacy is that they’re lurking in dark basements, bending their brands to maximum capacity to create highly sophisticated exploits that blow any current security system out of the water. More often than not, they’re not.Criminal hackers go after the low...
Blog

Exploring the 2023 Penetration Testing Report: 5 Key Findings

Mon, 04/17/2023
Each year the threat landscape continues to evolve, and security measures must evolve with it. Recently released, Fortra’s 2023 Penetration Testing Report offers a view into the usage and perception of pen testing, with the intent to determine how these services must adapt in the future. Explore a few salient points in this edition that betrayed changes in the penetration testing landscape.
An IBM i Hacking Tale
Blog

An IBM i Hacking Tale

By Pablo Zurro on Thu, 04/06/2023
Discover how penetration testing can be used on IBM i systems to find hidden vulnerabilities in your security. This post breaks down Core Impact's IBM i pen testing process from discovery to privilege escalation.
IBM i Cybersecurity