Collaborate Disseminate
One CVE was used against “a small number of targets.” Windows 10 users needed to wait a little bit for their patches. Continue reading Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day
99% of email threats reaching corporate user inboxes in 2024 were response-based social engineering attacks or contained phishing links, according to Fortra. Only 1% of malicious emails that reached user inboxes delivered malware. This shows that while… Continue reading Only 1% of malicious emails that reach inboxes deliver malware
In this Help Net Security video, John Grancarich, Fortra’s Chief Strategy Officer, discusses the 2025 Fortra State of Cybersecurity Survey and highlights escalating concerns among security professionals about AI-driven threats and a shortage of c… Continue reading AI threats and workforce shortages put pressure on security leaders
For many CISOs, compliance can feel like a necessary evil and a false sense of security. While frameworks like ISO 27001, SOC 2, and PCI DSS offer structured guidelines, they don’t automatically equate to strong cybersecurity. The challenge? Many organ… Continue reading The compliance illusion: Why your company might be at risk despite passing audits
We’ve entered a new era where verification must come before trust, and for good reason. Cyber threats are evolving rapidly, and one of the trends getting a fresh reboot in 2025 is the “scam yourself” attacks. These aren’t your run-of-the-mill phishing … Continue reading Scam Yourself attacks: How social engineering is evolving
Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common… Read More » Continue reading Patch Tuesday, December 2024 Edition
Fortra limits access to FileCatalyst Workflow database after vendor knowledgebase article leaks default credentials.
The post Fortra Patches Critical Vulnerability in FileCatalyst Workflow appeared first on SecurityWeek.
Continue reading Fortra Patches Critical Vulnerability in FileCatalyst Workflow
Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB, t… Continue reading Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)
Fortra has patched a critical-severity vulnerability in FileCatalyst Workflow leading to the creation of administrator accounts.
The post Fortra Patches Critical SQL Injection in FileCatalyst Workflow appeared first on SecurityWeek.
Continue reading Fortra Patches Critical SQL Injection in FileCatalyst Workflow
A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there’s currently no reports of in-the-wild exploitation, enterprise admins are advised to p… Continue reading PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)