Blog
Windows DWM Core Library Elevation of Privilege Vulnerability (CVE-2024-30051)
By Ricardo Narvaja on Mon, 09/09/2024
In this blog post, I will explain a vulnerability in the Microsoft Windows Desktop Windows Manager (DWM) Core library that I analyzed when the exploit for Core Impact was being developed. This vulnerability allows an unprivileged attacker to execute code as a DWM user with Integrity System privileges (CVE-2024-30051).Since there was not enough public information at the time to develop the exploit,...
News Article
How to Fortify Defenses Before Threats Materialize
By Chris Reffkin on Mon, 09/09/2024
Cyber threats are becoming more sophisticated and frequent, yet many organizations still face challenges due to limited resources. In ITSecurityWire, Fortra's Chris Reffkin highlights prioritizing remediation, closing the skills gap, and ongoing improvement.
Blog
What Is the NIST Risk Management Framework (RMF)?
By Antonio Sanchez on Mon, 08/26/2024
The NIST Risk Management Framework, or RMF, is a voluntary 7-step process used to manage information security and privacy risks. By following the NIST RMF, organizations can successfully implement their own risk management programs, maintain compliance, and address the weaknesses that present the greatest danger to their enterprise.
Blog
Open-Source IT Tools: Advantages, Disadvantages, and How Halcyon Compares
By Mike Davison on Mon, 08/05/2024
Discover the advantages and disadvantages of open-source IT tools and how Halcyon's offerings for Linux, Windows, AIX, and IBM i multi-platform environments compares.
Blog
3 Components of a Proactive Security Strategy
By Mieng Lim on Mon, 07/22/2024
Your organization might have many cybersecurity defenses in place, but defenses alone are not enough to protect you from today’s multi-faceted cyberattacks. Proactively adding a layer of offensive security assessment and testing helps you pinpoint your system weaknesses before they are exploited. Proactive security measures help you stay ahead of attackers by:Identifying vulnerabilities and...
Guide
Guide to Creating a Proactive Cybersecurity Strategy
Cyber attacks are common, with 89% of companies experiencing an attack in the last 12 months*. It’s time to stop asking if attacks will occur and start asking if you can stop attacks from being successful. One of the best ways to answer this question is by employing a proactive security program. Using assessment and testing to harden your cybersecurity measures, proactive security: Uncovers...
News Article
IT Nerd: Exclusive Insights from Fortra’s 2024 Penetration Testing Report
By Chris Reffkin on Fri, 06/28/2024
Fortra CISO Chris Reffkin spoke with IT Nerd and shared valuable insights from Fortra’s 2024 Penetration Testing Report.
News Article
Healthcare IT News: HHS Offers $50M to Help Providers Patch Ransomware Vulnerabilities
By Tyler Reguly on Fri, 06/07/2024
Is AI enough to help organizations keep up with constantly changing vulnerabilities? Tyler Reguly spoke with Healthcare IT News and shared his take on it.
News Article
ComputerWeekly: Critical Sharepoint, Qakbot-Linked Flaws Focus of May Patch Tuesday
By Tyler Reguly on Fri, 06/07/2024
Tyler Reguly spoke with ComputerWeekly about the elevation of privilege (EoP) vulnerability in Windows DWM Core Library.
Guide
How to Use Upskilling and Reskilling to Scale Your Cybersecurity Team
The cybersecurity skills shortage is not just an ongoing inconvenience—it is a serious vulnerability that can be exploited by attackers. But how can organizations go about patching this gap while the talent gap endures? The answer lies in leveraging the resources you already have on hand: your existing workforce. How do you transform your existing personnel to meet today’s cybersecurity demands?...
Blog
Major Launches Announced on Release Day 2024.2
Fri, 05/17/2024
About Fortra’s Release Day
Each quarter, we at Fortra get to roll out the fruits of our labors for the past few months. We showcase new features, updates, and even products.
This Release Day features several groundbreaking projects. We’ve broken into the XDR arena and are thrilled to introduce you to our new offering. We’ve issued major releases for over a half-dozen of our flagship products....
Guide
2024 Pen Testing Report
Penetration testing has become a cornerstone of proactive security strategies by offering a practical way to assess security by using real-world attack techniques to gauge the feasibility of a threat actor compromising an IT enterprise. Through the exploitation of security vulnerabilities, pen testers can determine which security weaknesses pose the most risk and provide guidance for remediation. ...
News Article
The AI Journal: From Criminal Pastime to Cybersecurity Tool
Thu, 03/14/2024
Ethical hacking has become one of the most powerful tools for preventing cyber threats. Kyle Gaertner spoke with The AI Journal about the tool's importance.
Blog
How to Recover After Failing a Cybersecurity Audit
Tue, 12/12/2023
While it’s important to adhere to compliance regulations, blunders do happen. What does it mean when these blunders lead to you failing a cybersecurity audit, and how can you recover?
Consequences of Failing a Cybersecurity Audit
Failing a cybersecurity audit can mean several things.
First, there’s the up-front legal fines that come with falling on the wrong side of compliance. Here are a few...
Blog
The Changing Role of Government in Cybersecurity
By Antonio Sanchez on Wed, 11/29/2023
Governments are responsible for carrying out their duties to defend the rights and safety of their citizens. Find out their role in the cyber landscape and how Fortra plays a part.
Article
What's New in Automate
Mon, 10/16/2023
That latest version of Automate has just been released. Find out more about what's new!
Blog
Financial Services Cybersecurity: What You Need to Know
By Antonio Sanchez on Wed, 10/11/2023
Today’s financial threat landscape is evolving, and firms are facing record high risk. Learn what’s causing the uptick and which essential cybersecurity practices will ke.ep you safe
Article
The Importance of VIOS
Thu, 08/31/2023
VIOS is considered a standard in organizations running IBM i, AIX, and Linux workloads. But don’t put your business at risk by letting it run unchecked. Learn five areas you must be monitoring.
Blog
Accelerating Security Maturity with Fortra Bundles
Tue, 08/29/2023
In The Importance of Layering Offensive Security Solutions, Fortra experts underscore the advantage of developing a single source offensive security tooling portfolio. Read on to find out the necessary ingredients for a proactive strategy and why Fortra’s ability to combine and maximize solutions optimizes security and produces the most effective outcomes.The Five Elements of an Offensive Security...