Blog
Windows DWM Core Library Elevation of Privilege Vulnerability (CVE-2024-30051)
By Ricardo Narvaja on Mon, 09/09/2024
In this blog post, I will explain a vulnerability in the Microsoft Windows Desktop Windows Manager (DWM) Core library that I analyzed when the exploit for Core Impact was being developed. This vulnerability allows an unprivileged attacker to execute code as a DWM user with Integrity System privileges (CVE-2024-30051).Since there was not enough public information at the time to develop the exploit,...
News Article
How to Fortify Defenses Before Threats Materialize
By Chris Reffkin on Mon, 09/09/2024
Cyber threats are becoming more sophisticated and frequent, yet many organizations still face challenges due to limited resources. In ITSecurityWire, Fortra's Chris Reffkin highlights prioritizing remediation, closing the skills gap, and ongoing improvement.
News Article
Anti-Phishing Working Group (APWG): Phishing Activity Trends Report for Q2 2024
By John Wilson on Wed, 08/28/2024
The Anti-Phishing Working Group (APWG) has released its Phishing Activity Trends Report for Q2 2024, offering an in-depth analysis of recent phishing attacks and identity theft techniques. Fortra contributed to this report, with John Wilson providing insights on business email compromise (BEC).
Blog
What Is the NIST Risk Management Framework (RMF)?
By Antonio Sanchez on Mon, 08/26/2024
The NIST Risk Management Framework, or RMF, is a voluntary 7-step process used to manage information security and privacy risks. By following the NIST RMF, organizations can successfully implement their own risk management programs, maintain compliance, and address the weaknesses that present the greatest danger to their enterprise.
Datasheet
Fortra’s Email Security Bundles Datasheet
Fortra Email Security makes it easy to deploy interoperable layers of defense that span the entire threat lifecycle from pre-delivery staging to post-delivery via an integrated solution that automates phish reporting, triage, and remediation.
News Article
Techopedia: FishXProxy: Dark Web’s Next-Gen ‘Ultimate Phishing Toolkit’ Alarms Experts
By Michael Tyler on Fri, 08/02/2024
In this Techopedia article, Michael Tyler discusses new phishing malware kit FishXProxy.
Blog
3 Components of a Proactive Security Strategy
By Mieng Lim on Mon, 07/22/2024
Your organization might have many cybersecurity defenses in place, but defenses alone are not enough to protect you from today’s multi-faceted cyberattacks. Proactively adding a layer of offensive security assessment and testing helps you pinpoint your system weaknesses before they are exploited. Proactive security measures help you stay ahead of attackers by:Identifying vulnerabilities and...
Guide
Guide to Creating a Proactive Cybersecurity Strategy
Cyber attacks are common, with 89% of companies experiencing an attack in the last 12 months*. It’s time to stop asking if attacks will occur and start asking if you can stop attacks from being successful. One of the best ways to answer this question is by employing a proactive security program. Using assessment and testing to harden your cybersecurity measures, proactive security: Uncovers...
News Article
Cyber Defense Magazine: New Phishing Campaign Using AI Generated Emails, Human Live Chat to Target Social Media Business Accounts
By Michael Tyler on Fri, 06/28/2024
In this Cyber Defense Magazine article, Michael Tyler, Sr. Director of Security Operations at Fortra, discusses a sophisticated phishing campaign targeting Meta business accounts. He explains the tactics behind the campaign and shares tips to protect against it.
News Article
IT Nerd: Exclusive Insights from Fortra’s 2024 Penetration Testing Report
By Chris Reffkin on Fri, 06/28/2024
Fortra CISO Chris Reffkin spoke with IT Nerd and shared valuable insights from Fortra’s 2024 Penetration Testing Report.
News Article
Best Life: How to Identify Phishing Emails
Fri, 06/14/2024
Struggling to identify phishing emails? Theo Zafirakos shared valuable tips on how to spot email scams and stay safe.
On-Demand Webinar
IBM i Performance Week
Robot Monitor and Performance Navigator are powerhouses when it comes to performance monitoring and management. That’s why it’s essential for your team to understand how to harness their raw potential and put them to work so that nothing you deem critical slips through the cracks. This webinar series is your chance!
News Article
Healthcare IT News: HHS Offers $50M to Help Providers Patch Ransomware Vulnerabilities
By Tyler Reguly on Fri, 06/07/2024
Is AI enough to help organizations keep up with constantly changing vulnerabilities? Tyler Reguly spoke with Healthcare IT News and shared his take on it.
News Article
ComputerWeekly: Critical Sharepoint, Qakbot-Linked Flaws Focus of May Patch Tuesday
By Tyler Reguly on Fri, 06/07/2024
Tyler Reguly spoke with ComputerWeekly about the elevation of privilege (EoP) vulnerability in Windows DWM Core Library.
News Article
Investopedia: How to Report Identity Theft
By John Wilson on Fri, 06/07/2024
What should you do if you’ve experienced identity theft? In his discussion with Investopedia, John Wilson highlights the steps to take if your identity is stolen and shares tips on how to prevent it in the first place.
Guide
How to Use Upskilling and Reskilling to Scale Your Cybersecurity Team
The cybersecurity skills shortage is not just an ongoing inconvenience—it is a serious vulnerability that can be exploited by attackers. But how can organizations go about patching this gap while the talent gap endures? The answer lies in leveraging the resources you already have on hand: your existing workforce. How do you transform your existing personnel to meet today’s cybersecurity demands?...
News Article
The Register: Prolific Phishing-Made-Easy Emporium LabHost Knocked Offline in Cyber-Cop Op
Tue, 05/07/2024
Global Police Operation has taken down a major PhaaS provider, LabHost. Fortra provided details on the platform’s North American and international subscription packages.
News Article
The Hacker News: Global Police Operation Disrupts 'LabHost' Phishing Service
Tue, 05/07/2024
One of the largest Phishing-as-a-Service (PhaaS) providers, LabHost was disrupted with over 30 people arrested worldwide.
News Article
BleepingComputer: LabHost Phishing Service With 40,000 Domains Disrupted, 37 Arrested
Tue, 05/07/2024
A major phishing service with over 40,000 domains was disrupted in a year-long global law enforcement operation.