Discover the significance of comprehensive application security assessments in identifying and addressing software vulnerabilities. Learn about the different types, including manual code reviews, automated vulnerability scanning, penetration testing, and security architecture reviews. Fortalice blog offers valuable insights to help you choose the right assessment for your organization.
API security protects an API’s confidentiality, integrity, and availability. Securing your API is essential as it helps protect your application and your data from malicious attacks, such as data theft, malicious code injection, and denial of service attacks. Prioritizing API security today will protect your business and customers from the devastating consequences of cyberattacks tomorrow.
Increasingly, cyber actors are employing LOTL attacks, which blend (and obscure) their nefarious activities with legitimate tools and infrastructure already found (and regularly used) in your environment to mask their presence while greatly minimizing their chances of detection and attribution. Typically, the introduction of a third-party application generates an alert to the host from an endpoint detection and response (EDR) product. Unfortunately, LOTL enables the actor to skirt detection more easily and effectively.
On June 1, Progress Software (Progress) announced it had identified a vulnerability in its MOVEit File Transfer Tool. The vulnerability allowed cybercriminals to exploit a critical SQL injection that could lead to escalated privileges and potential unauthorized access to the environment.
Kallen Curtis highlights five common attack paths used to exploit Active Directory (AD), whether to get domain admin or reach target systems, and how to prevent them.
The summer of 2020 was dubbed the "Summer of Ransomware", but are we about to have a second summer of ransomware in 2023?
Fortalice Solutions released a white paper, The Privacy Pitfalls and Security Dangers of Internet Trackers, which details the privacy concerns surrounding an organization’s use of internet trackers. For the last 10 months, Fortalice has completed more than 40 investigations related to third-party tracking technologies in the healthcare field. To that end, our team has provided the following update based on our experience.
During the course of our investigative work, Fortalice has observed an increasing and alarming trend: personal email compromise is leading to business email compromise. Threat actors will leverage weaknesses regarding executives’ or board members’ personal cybersecurity hygiene to gain access to their business accounts. Extortion also remains a top cybersecurity threat, with organized criminals overseas routinely targeting corporations and the people who support them.
Threat intelligence is an important tool in developing a mature security infrastructure. Discover the importance of threat intelligence and how it can help you stay ahead of cybersecurity threats. We explore the different types of threat intelligence, the benefits of implementing it, and how to use it effectively. Stay informed and keep your organization safe with the latest threat intelligence insights.
Silicon Valley Bank (SVB) was shuttered early this month and had its deposits seized in the largest U.S. bank failure since the 2008 financial crisis. Although it may seem like SVB’s collapse will only impact its direct customers and depositors, it is far more complicated. Like vultures to roadkill, cyber scammers often wait to exploit and target victims after tragedy strikes, or bad news arises. A perfect storm of stress, uncertainty, and urgency for customers and vendors alike during this time can impair someone’s judgement when they click links and open emails they otherwise would ignore or delete. Fortalice has outlined a few different ways cybercriminals social engineer their victims during times of extreme distress and insecurity.