Resources

Live Webinar
Join data access expert Greg Schmidt for a live webinar on November 14th as he demonstrates how Sequel puts the power of your business data in the hands of your users.
News Article

Dark Reading: Novel Exploit Chain Enables Windows UAC Bypass

​​Fortra's security research team has identified a novel exploit chain, tracked as CVE-2024-6769, which allows attackers to bypass Windows User Access Control (UAC) and escalate privileges to gain full system control.
Blog

BEC Global Insights Report: September 2024

The monthly Global BEC Insights Report from Fortra presents a comprehensive analysis of the latest tactics, techniques, and procedures (TTP) employed by BEC threat actors. This report draws on extensive intelligence gathered from hundreds of active defense engagements conducted throughout the month. Key insights include geolocation data, attack volume, and the variety of scams, such as payroll diversion and advance fee fraud. The report also highlights the use of gift cards in scams, the requested amounts in wire transfer fraud, and the banks and webmail providers frequently targeted by attackers. These findings provide a critical understanding of the evolving BEC threat landscape.
News Article

CyberTech Insights: The Cybersecurity Gap: Why Even the Best-Trained Teams Still Vulnerable to Attacks

In a new article for CyberTech Insights, John Grancarich, Fortra's Chief Strategy Officer, explores why security awareness training matters more than ever. Drawing from personal experiences with cyber extortion and phishing, John highlights how continuous practice can better prepare us for real-world risks.Originally published in CyberTech Insights.Excerpt:“We’re not going to get any less busy, so...
News Article

VM Blog: Expert Insights on National Insider Threat Awareness Month

Insider threats—whether intentional or accidental—can have devastating effects on businesses of all sizes. Antonio Sanchez of Fortra, along with other industry experts, shares key insights into the evolving landscape of insider threats and offers strategies for mitigating these risks.
Live Event
Join us as we proudly sponsor the VMUG UserCon on October 24th! Swing by for a chat about MFT and see how we can help with your IT problems. Haven’t secured your spot yet? It’s free! ...
Blog

CVE-2024-6769: Poisoning the Activation Cache to Elevate From Medium to High Integrity

This blog is about two chained bugs: Stage one is a DLL Hijacking bug caused by the remapping of ROOT drive and stage two is an Activation Cache Poisoning bug managed by the CSRSS server.The first stage was presented in detail at Ekoparty 2023 in the presentation called "I'm High" by Nicolás Economou from BlueFrost Security. He explained how to exploit the vulnerability which, at the time, had not...
Blog

BEC Global Insights Report: August 2024

The monthly Global BEC Insights Report from Fortra presents a comprehensive analysis of the latest tactics, techniques, and procedures (TTP) employed by BEC threat actors. This report draws on extensive intelligence gathered from hundreds of active defense engagements conducted throughout the month. Key insights include geolocation data, attack volume, and the variety of scams, such as payroll diversion and advance fee fraud. The report also highlights the use of gift cards in scams, the requested amounts in wire transfer fraud, and the banks and webmail providers frequently targeted by attackers. These findings provide a critical understanding of the evolving BEC threat landscape.