Discover the significance of comprehensive application security assessments in identifying and addressing software vulnerabilities. Learn about the different types, including manual code reviews, automated vulnerability scanning, penetration testing, and security architecture reviews. Fortalice blog offers valuable insights to help you choose the right assessment for your organization.
API security protects an API’s confidentiality, integrity, and availability. Securing your API is essential as it helps protect your application and your data from malicious attacks, such as data theft, malicious code injection, and denial of service attacks. Prioritizing API security today will protect your business and customers from the devastating consequences of cyberattacks tomorrow.
Increasingly, cyber actors are employing LOTL attack, which blend (and obscure) their nefarious activities with legitimate tools and infrastructure already found (and regularly used) in your environment to mask their presence while greatly minimizing their chances of detection and attribution. Typically, the introduction of a third-part application generates an alert to the host from an endpoint detection and response (EXR) product. Unfortunately, LOTL enables the actor to skirt detection more easily and effectively.
On June 1, Progress Software (Progress) announced it had identified a vulnerability in its MOVEit File Transfer Tool. The vulnerability allowed cybercriminals to exploit a critical SQL injection that could lead to escalated privileges and potential unauthorized access to the environment.
To exploit Active Directory (AD) whether to get domain admin or reach target systems, Kallen Curtis highlights five common attack paths and how to prevent them.
Summer of 2020 was coined the "Summer of Ransomware", but are we about to have a second summer of ransomware in 2023?
Fortalice Solutions released a white paper, The Privacy Pitfalls and Security Dangers of Internet Trackers, which details the privacy concerns surrounding an organization’s use of internet trackers. For the last 10 months, Fortalice has completed more than 40 investigations related to third-party tracking technologies in the healthcare field. To that end, our team has provided the following update based on our experience.
During the course of our investigative work, Fortalice has observed an increasing and alarming trend: personal email compromise is leading to business email compromise. Threat actors will leverage weaknesses regarding executives’ or board members’ personal cybersecurity hygiene to gain access to their business accounts. Extortion also remains a top cybersecurity threat, with organized criminals overseas routinely targeting corporations and the people who support them.