Live Event
11:00 - 11:45am GMT
Michael Barford
Live Event
11:00 - 11:45am AEDT
Michael Barford
Live Event
10:00 - 11:00am CST
Matthew Jerzewski
Live Webinar
Dec
03
7:00 - 8:00am PST
Live Webinar
8:00 - 8:45am PST
Scott Messick
Blog
How to Proactively Harden Your Environment Against Compromised Credentials
Wed, 10/23/2024
How many user accounts do you have? Emails, social media, online shopping, streaming services—and that doesn’t even begin to account for professional logins. By the time you add them all up, it’s likely one hundred or more unique accounts.According to NordPass, the average user maintains an average of 168 logins for personal purposes, and no less than 87 for the workplace. This is an extraordinary...
News Article
October Patch Tuesday roundup: One Windows hole has a score of 9.8
By Tyler Reguly on Tue, 10/22/2024
Tyler Reguly, Associate Director of Security R&D at Fortra, was featured in Howard’s Substack article covering October’s Patch Tuesday updates.
Live Event
Nov
13
9:00am - 3:30pm CST
News Article
Forbes: Update Now As Critical Windows 9.8/10 Vulnerability Confirmed
By Tyler Reguly on Thu, 10/17/2024
In a recent Forbes article, Tyler Reguly, Associate Director of Security R&D at Fortra, highlights the importance of addressing CVE-2024-43468, a critical vulnerability rated 9.8/10.
News Article
Computer Weekly: Five Zero-Days to Be Fixed on October Patch Tuesday
By Tyler Reguly on Tue, 10/15/2024
Fortra’s Tyler Reguly is quoted in a recent Computer Weekly article, discussing the highlights of October’s Patch Tuesday.
News Article
Dark Reading: Novel Exploit Chain Enables Windows UAC Bypass
By Tyler Reguly on Thu, 10/10/2024
Fortra's security research team has identified a novel exploit chain, tracked as CVE-2024-6769, which allows attackers to bypass Windows User Access Control (UAC) and escalate privileges to gain full system control.
News Article
Global Security Mag: Microsoft Vulnerability CVE-2024-6769 Now Public on Fortra.com
Wed, 10/09/2024
Fortra researchers are urging organizations to be vigilant about potential risks associated with a vulnerability affecting Microsoft systems.
News Article
CSO: Microsoft privilege escalation issue forces the debate: ‘When is something a security hole?’
By Tyler Reguly on Wed, 10/09/2024
CSO covered Fortra’s disclosure of a Microsoft privilege escalation issue that allows attackers to bypass UAC prompts. Fortra's Tyler Reguly explained that this bypass removes key security checks, posing a risk. Microsoft disagrees, calling it a convenience issue, but the debate continues.
Live Event
9:00am - 4:30pm CDT
Blog
CVE-2024-6769: Poisoning the Activation Cache to Elevate From Medium to High Integrity
By Ricardo Narvaja on Thu, 09/26/2024
This blog is about two chained bugs: Stage one is a DLL Hijacking bug caused by the remapping of ROOT drive and stage two is an Activation Cache Poisoning bug managed by the CSRSS server.The first stage was presented in detail at Ekoparty 2023 in the presentation called "I'm High" by Nicolás Economou from BlueFrost Security. He explained how to exploit the vulnerability which, at the time, had not...
Guide
Decoding the Attacker Mindset: Pen Testing Revelations
Cybersecurity isn't just about defense—it's about understanding the offense. With penetration testing, organizations can learn to think like an attacker and develop more proactive strategies that anticipate attacks. In this guide, explore 5 scenarios that provide insight into the methods and techniques deployed in real-world pen testing engagements, including: Using a password spray attack to...
Blog
Windows DWM Core Library Elevation of Privilege Vulnerability (CVE-2024-30051)
By Ricardo Narvaja on Mon, 09/09/2024
In this blog post, I will explain a vulnerability in the Microsoft Windows Desktop Windows Manager (DWM) Core library that I analyzed when the exploit for Core Impact was being developed. This vulnerability allows an unprivileged attacker to execute code as a DWM user with Integrity System privileges (CVE-2024-30051).Since there was not enough public information at the time to develop the exploit,...
News Article
How to Fortify Defenses Before Threats Materialize
By Chris Reffkin on Mon, 09/09/2024
Cyber threats are becoming more sophisticated and frequent, yet many organizations still face challenges due to limited resources. In ITSecurityWire, Fortra's Chris Reffkin highlights prioritizing remediation, closing the skills gap, and ongoing improvement.
Blog
Is Your Data REALLY Safe on the IBM i (AS/400)?
By Tom Huntington on Thu, 08/29/2024
Discover the three things you can do, starting today, to ensure your data is properly secured on your IBM i (AS/400).