Fortra – WindowsTechs.com

Patch Tuesday, December 2024 Edition

Posted on December 11, 2024 by BrianKrebs

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common… Read More » Continue reading Patch Tuesday, December 2024 Edition→

Fortra Patches Critical Vulnerability in FileCatalyst Workflow

Posted on August 30, 2024 by Ionut Arghire

Fortra limits access to FileCatalyst Workflow database after vendor knowledgebase article leaks default credentials.
The post Fortra Patches Critical Vulnerability in FileCatalyst Workflow appeared first on SecurityWeek.
Continue reading Fortra Patches Critical Vulnerability in FileCatalyst Workflow→

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)

Posted on August 28, 2024 by Zeljka Zorz

Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB, t… Continue reading Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)→

Fortra Patches Critical SQL Injection in FileCatalyst Workflow

Posted on June 28, 2024 by Ionut Arghire

Fortra has patched a critical-severity vulnerability in FileCatalyst Workflow leading to the creation of administrator accounts.
The post Fortra Patches Critical SQL Injection in FileCatalyst Workflow appeared first on SecurityWeek.
Continue reading Fortra Patches Critical SQL Injection in FileCatalyst Workflow→

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)

Posted on June 27, 2024 by Zeljka Zorz

A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there’s currently no reports of in-the-wild exploitation, enterprise admins are advised to p… Continue reading PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)→

Cybercriminal adoption of browser fingerprinting

Posted on April 5, 2024 by Help Net Security

Browser fingerprinting is one of many tactics phishing site authors use to evade security checks and lengthen the lifespan of malicious campaigns. While browser fingerprinting has been used by legitimate organizations to uniquely identify web browsers … Continue reading Cybercriminal adoption of browser fingerprinting→

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

Posted on March 19, 2024 by Helga Labus

Proof-of-concept (PoC) exploit code for a critical RCE vulnerability (CVE-2024-25153) in Fortra FileCatalyst MFT solution has been published. About CVE-2024-25153 Fortra FileCatalyst is an enterprise managed file transfer (MFT) software solution that i… Continue reading PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)→

PoC Published for Critical Fortra Code Execution Vulnerability

Posted on March 18, 2024 by Ionut Arghire

A critical directory traversal vulnerability in Fortra FileCatalyst Workflow could lead to remote code execution.
The post PoC Published for Critical Fortra Code Execution Vulnerability appeared first on SecurityWeek.
Continue reading PoC Published for Critical Fortra Code Execution Vulnerability→

The dark side of GenAI

Posted on March 18, 2024 by Help Net Security

Beyond traditional AI models, generative AI (GenAI) can create new content, images, and even entire scenarios from scratch. While this technology holds immense promise across various sectors, it also introduces challenges and threats to cybersecurity. … Continue reading The dark side of GenAI→

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

Posted on January 24, 2024 by Zeljka Zorz

Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. Fortra’s GoAnywhere MFT is a web-based m… Continue reading PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)→