Resources
Blog

Windows DWM Core Library Elevation of Privilege Vulnerability (CVE-2024-30051)

By Ricardo Narvaja on Mon, 09/09/2024
In this blog post, I will explain a vulnerability in the Microsoft Windows Desktop Windows Manager (DWM) Core library that I analyzed when the exploit for Core Impact was being developed. This vulnerability allows an unprivileged attacker to execute code as a DWM user with Integrity System privileges (CVE-2024-30051).Since there was not enough public information at the time to develop the exploit,...
Infrastructure and Data Protection
IT Infrastructure Protection
fortra-what-is-nist-rmf
Blog

What Is the NIST Risk Management Framework (RMF)?

By Antonio Sanchez on Mon, 08/26/2024
The NIST Risk Management Framework, or RMF, is a voluntary 7-step process used to manage information security and privacy risks. By following the NIST RMF, organizations can successfully implement their own risk management programs, maintain compliance, and address the weaknesses that present the greatest danger to their enterprise.
Blog

3 Components of a Proactive Security Strategy 

By Mieng Lim on Mon, 07/22/2024
Your organization might have many cybersecurity defenses in place, but defenses alone are not enough to protect you from today’s multi-faceted cyberattacks. Proactively adding a layer of offensive security assessment and testing helps you pinpoint your system weaknesses before they are exploited. Proactive security measures help you stay ahead of attackers by:Identifying vulnerabilities and...
Guide

Guide to Creating a Proactive Cybersecurity Strategy

Cyber attacks are common, with 89% of companies experiencing an attack in the last 12 months*. It’s time to stop asking if attacks will occur and start asking if you can stop attacks from being successful. One of the best ways to answer this question is by employing a proactive security program. Using assessment and testing to harden your cybersecurity measures, proactive security: Uncovers...
Infrastructure and Data Protection
IT Infrastructure Protection
Guide

How to Use Upskilling and Reskilling to Scale Your Cybersecurity Team

The cybersecurity skills shortage is not just an ongoing inconvenience—it is a serious vulnerability that can be exploited by attackers. But how can organizations go about patching this gap while the talent gap endures? The answer lies in leveraging the resources you already have on hand: your existing workforce. How do you transform your existing personnel to meet today’s cybersecurity demands?...
Infrastructure and Data Protection
Release Day 2024.2
Blog

Major Launches Announced on Release Day 2024.2

Fri, 05/17/2024
About Fortra’s Release Day Each quarter, we at Fortra get to roll out the fruits of our labors for the past few months. We showcase new features, updates, and even products. This Release Day features several groundbreaking projects. We’ve broken into the XDR arena and are thrilled to introduce you to our new offering. We’ve issued major releases for over a half-dozen of our flagship products....
Guide

2024 Pen Testing Report

Penetration testing has become a cornerstone of proactive security strategies by offering a practical way to assess security by using real-world attack techniques to gauge the feasibility of a threat actor compromising an IT enterprise. Through the exploitation of security vulnerabilities, pen testers can determine which security weaknesses pose the most risk and provide guidance for remediation. ...
Blog

How to Recover After Failing a Cybersecurity Audit

Tue, 12/12/2023
While it’s important to adhere to compliance regulations, blunders do happen. What does it mean when these blunders lead to you failing a cybersecurity audit, and how can you recover? Consequences of Failing a Cybersecurity Audit Failing a cybersecurity audit can mean several things. First, there’s the up-front legal fines that come with falling on the wrong side of compliance. Here are a few...
Blog

What is Hyperautomation?

Wed, 11/08/2023
For many organizations, what were once islands of automation are converging. And they’re realizing there’s even more labor in their organizations that can be automated. But to bring it all together, they need a craftier strategy to make it happen. Enter hyperautomation. What started as the latest industry buzzword, has become a critical discipline to add to your digital transformation strategy. ...
Automation
Blog

Accelerating Security Maturity with Fortra Bundles

Tue, 08/29/2023
In The Importance of Layering Offensive Security Solutions, Fortra experts underscore the advantage of developing a single source offensive security tooling portfolio. Read on to find out the necessary ingredients for a proactive strategy and why Fortra’s ability to combine and maximize solutions optimizes security and produces the most effective outcomes.The Five Elements of an Offensive Security...
man working
Blog

Data Classification and Data Loss Prevention (DLP): A Comprehensive Data Protection Strategy

Tue, 05/23/2023
Data is the world’s currency and has been for some time. Protecting data should be at the top of the list for organizations of any size, and the heart of any security strategy. Think about it: the purpose of any firewall, email solution, compliance regulation, or XDR platform is to keep data safe. Why not cut to the heart of it with a dedicated Data Loss Prevention (DLP) solution? And why not...
Infrastructure and Data Protection
Data Protection
Data Classification
An IBM i Hacking Tale
Blog

An IBM i Hacking Tale

By Pablo Zurro on Thu, 04/06/2023
Discover how penetration testing can be used on IBM i systems to find hidden vulnerabilities in your security. This post breaks down Core Impact's IBM i pen testing process from discovery to privilege escalation.
IBM i Cybersecurity
Guide

Fortra's Complete Guide to Layered Offensive Security

Most organizations have a decent understanding of the types of defensive security tactics they need to employ to thwart cyberattacks. But offensive security techniques are just as important for detecting existing vulnerabilities that a threat actor has yet to discover and exploit. Learn how to approach offensive security from the ground up, including the value of using a layered security...
Infrastructure and Data Protection
IT Infrastructure Protection
Vulnerability Management
Offensive Security
Guide

2023 Pen Testing Report

Over the years, penetration testing has become an integral component in proactive approaches to security, evaluating and prioritizing risk before breaches occur. Through the exploitation of identified security vulnerabilities, penetration testing can effectively measure the feasibility of systems or end-user compromise and evaluate any related consequences such incidents may have on the involved...