Live Webinar
10:00 - 10:45am CST
Brandy Lulling
Blog
How to Proactively Harden Your Environment Against Compromised Credentials
Wed, 10/23/2024
How many user accounts do you have? Emails, social media, online shopping, streaming services—and that doesn’t even begin to account for professional logins. By the time you add them all up, it’s likely one hundred or more unique accounts.According to NordPass, the average user maintains an average of 168 logins for personal purposes, and no less than 87 for the workplace. This is an extraordinary...
On-Demand Webinar
IBM i Data from the Ground Up: Cybersecurity, Operations, Data Access and Management
Watch the recordings from Fortra's virtual event with COMMON, where our experts offered insight and examples of how organizations on IBM i can improve their security, operations, business intelligence, and document management strategy.
Live Webinar
12:00 - 12:30pm CST
Greg J. Schmidt
News Article
Dark Reading: Novel Exploit Chain Enables Windows UAC Bypass
By Tyler Reguly on Thu, 10/10/2024
Fortra's security research team has identified a novel exploit chain, tracked as CVE-2024-6769, which allows attackers to bypass Windows User Access Control (UAC) and escalate privileges to gain full system control.
News Article
Global Security Mag: Microsoft Vulnerability CVE-2024-6769 Now Public on Fortra.com
Wed, 10/09/2024
Fortra researchers are urging organizations to be vigilant about potential risks associated with a vulnerability affecting Microsoft systems.
News Article
CSO: Microsoft privilege escalation issue forces the debate: ‘When is something a security hole?’
By Tyler Reguly on Wed, 10/09/2024
CSO covered Fortra’s disclosure of a Microsoft privilege escalation issue that allows attackers to bypass UAC prompts. Fortra's Tyler Reguly explained that this bypass removes key security checks, posing a risk. Microsoft disagrees, calling it a convenience issue, but the debate continues.
Blog
CVE-2024-6769: Poisoning the Activation Cache to Elevate From Medium to High Integrity
By Ricardo Narvaja on Thu, 09/26/2024
This blog is about two chained bugs: Stage one is a DLL Hijacking bug caused by the remapping of ROOT drive and stage two is an Activation Cache Poisoning bug managed by the CSRSS server.The first stage was presented in detail at Ekoparty 2023 in the presentation called "I'm High" by Nicolás Economou from BlueFrost Security. He explained how to exploit the vulnerability which, at the time, had not...
Product Video
Sequel's Data Deployment Options
Watch this short video from IBM i data access expert Greg Schmidt for an overview of all the ways Sequel helps you access and work with your business data.
Guide
Decoding the Attacker Mindset: Pen Testing Revelations
Cybersecurity isn't just about defense—it's about understanding the offense. With penetration testing, organizations can learn to think like an attacker and develop more proactive strategies that anticipate attacks. In this guide, explore 5 scenarios that provide insight into the methods and techniques deployed in real-world pen testing engagements, including: Using a password spray attack to...
Blog
Windows DWM Core Library Elevation of Privilege Vulnerability (CVE-2024-30051)
By Ricardo Narvaja on Mon, 09/09/2024
In this blog post, I will explain a vulnerability in the Microsoft Windows Desktop Windows Manager (DWM) Core library that I analyzed when the exploit for Core Impact was being developed. This vulnerability allows an unprivileged attacker to execute code as a DWM user with Integrity System privileges (CVE-2024-30051).Since there was not enough public information at the time to develop the exploit,...
News Article
How to Fortify Defenses Before Threats Materialize
By Chris Reffkin on Mon, 09/09/2024
Cyber threats are becoming more sophisticated and frequent, yet many organizations still face challenges due to limited resources. In ITSecurityWire, Fortra's Chris Reffkin highlights prioritizing remediation, closing the skills gap, and ongoing improvement.
Blog
What Is the NIST Risk Management Framework (RMF)?
By Antonio Sanchez on Mon, 08/26/2024
The NIST Risk Management Framework, or RMF, is a voluntary 7-step process used to manage information security and privacy risks. By following the NIST RMF, organizations can successfully implement their own risk management programs, maintain compliance, and address the weaknesses that present the greatest danger to their enterprise.
Product Video
Sequel Viewpoint Union Views
Watch this video to learn how to use Sequel's Union Views to merge data with no definable file relationships.
Blog
3 Components of a Proactive Security Strategy
By Mieng Lim on Mon, 07/22/2024
Your organization might have many cybersecurity defenses in place, but defenses alone are not enough to protect you from today’s multi-faceted cyberattacks. Proactively adding a layer of offensive security assessment and testing helps you pinpoint your system weaknesses before they are exploited. Proactive security measures help you stay ahead of attackers by:Identifying vulnerabilities and...
Guide
Guide to Creating a Proactive Cybersecurity Strategy
Cyber attacks are common, with 89% of companies experiencing an attack in the last 12 months*. It’s time to stop asking if attacks will occur and start asking if you can stop attacks from being successful. One of the best ways to answer this question is by employing a proactive security program. Using assessment and testing to harden your cybersecurity measures, proactive security: Uncovers...
News Article
IT Nerd: Exclusive Insights from Fortra’s 2024 Penetration Testing Report
By Chris Reffkin on Fri, 06/28/2024
Fortra CISO Chris Reffkin spoke with IT Nerd and shared valuable insights from Fortra’s 2024 Penetration Testing Report.
Product Video
Sequel Data Warehouse ETL (Extract, Transform, Load) Overview and Demonstration
Wed, 06/26/2024
When data comes from all over your IT environment and is accessed in different ways by different users, your organization faces a lot of issues. Not only is the data inconsistent, but each database formats and delivers data differently. And there's no single filter through which all data goes to make sure it is high quality. That's where Sequel Data Warehouse can help. By accessing any data and...
On-Demand Webinar
How to Maximize Your BI Technology with a Data Warehouse
Watch this webinar to learn why Sequel Data Warehouse is the trusted tool for IBM i organizations to overcome the many types of data integration challenges.
News Article
Healthcare IT News: HHS Offers $50M to Help Providers Patch Ransomware Vulnerabilities
By Tyler Reguly on Fri, 06/07/2024
Is AI enough to help organizations keep up with constantly changing vulnerabilities? Tyler Reguly spoke with Healthcare IT News and shared his take on it.