Resources

Live Event
The Center for Internet Security (CIS) Critical Security Controls (CSC) are a trusted source of truth in the cybersecurity community. Many organizations implement the CIS CSC framework to ensure their cybersecurity programs are functioning at peak effectiveness. The latest iteration, CIS CSC v8.1, was released earlier this year. Join Matthew Jerzewski, Cybersecurity Researcher...
Live Webinar
The popularity of cloud-based file sharing services such as AWS, Dropbox, and OneDrive is undeniable. However, these user-friendly solutions come with some critical security drawbacks. Join Scott Messick, Lead Solutions Engineer, Fortra Dec. 12, as he discusses the pros and cons of cloud file sharing and introduces the advantages secure, managed file transfer (MFT) offers for...
Blog

How to Proactively Harden Your Environment Against Compromised Credentials

How many user accounts do you have? Emails, social media, online shopping, streaming services—and that doesn’t even begin to account for professional logins. By the time you add them all up, it’s likely one hundred or more unique accounts. According to NordPass, the average user maintains an average of 168 logins for personal purposes, and no less than 87 for the workplace. This is an extraordinary...
Live Event
In many ways, 2024 has been a landmark year for cybersecurity. At Fortra, our cybersecurity experts have no shortage of opinions on where we’ll go next. From cyber insurers raising the bar with their own compliance requirements to shifting market dynamics, the events of 2024 will have significant consequences for the shape of the industry in the months ahead. Tune in as a...
On-Demand Webinar

[WEBINAR] Bearing the Load: Managing Supply Chain Risk

Session Details: The risk you carry as an enterprise is no longer entirely in your control. Or is it? Join Fortra as we discuss one of the hottest topics in cybersecurity today: third-party risk. Partnering with outside organizations can be an instant liability, but in today’s vastly interconnected business economy, it's a necessary evil. Lengthened supply chains facilitate faster and cheaper...
News Article

Dark Reading: Novel Exploit Chain Enables Windows UAC Bypass

Fortra's security research team has identified a novel exploit chain, tracked as CVE-2024-6769, which allows attackers to bypass Windows User Account Control (UAC) and escalate privileges to gain full system control.
News Article

CSO: Microsoft privilege escalation issue forces the debate: ‘When is something a security hole?’

CSO covered Fortra’s disclosure of a Microsoft privilege escalation issue that allows attackers to bypass UAC prompts. Fortra's Tyler Reguly explained that this bypass removes key security checks, posing a risk. Microsoft disagrees, calling it a convenience issue, but the debate continues.
News Article

CyberTech Insights: The Cybersecurity Gap: Why Even the Best-Trained Teams Still Vulnerable to Attacks

In a new article for CyberTech Insights, John Grancarich, Fortra's Chief Strategy Officer, explores why security awareness training matters more than ever. Drawing from personal experiences with cyber extortion and phishing, John highlights how continuous practice can better prepare us for real-world risks. Originally published in CyberTech Insights. Excerpt: “We’re not going to get any less busy, so...
Blog

CVE-2024-6769: Poisoning the Activation Cache to Elevate From Medium to High Integrity

This blog is about two chained bugs: stage one is a DLL hijacking bug caused by the remapping of the ROOT drive, and stage two is an Activation Cache Poisoning bug managed by the CSRSS server. The first stage was presented in detail at Ekoparty 2023 in the presentation called "I'm High" by Nicolás Economou from BlueFrost Security. He explained how to exploit the vulnerability which, at the time, had not...