Archive for Fortra

Microsoft Vulnerability CVE-2024-6769 Now Public on Fortra.com

Posted in Commentary with tags on September 27, 2024 by itnerd

Global cybersecurity software and solutions provider Fortra has published details about a vulnerability affecting Microsoft systems that allows attackers to escalate privileges from medium to high integrity levels without triggering a UAC (user account control) prompt.

The UAC prompt is essential for preventing unauthorized actions by providing a security checkpoint for administrators. However, this exploit removes that safeguard, enabling attackers to execute high-level tasks without detection or administrative approval. This could have significant consequences, particularly in environments where elevated permissions are tightly controlled, such as corporate networks or government systems.

  • Impact: Allows unauthorized escalation to high integrity without UAC, introducing serious post-compromise risks
  • Affected Systems: Windows 10, Windows 11, Windows Server 2019/2022 (with all updates applied)
  • Current Status: Microsoft has not classified this as a vulnerability according to their security criteria, but Fortra urges organizations to be aware of the risks, as this exploit can be used for privilege escalation post-compromise.

Fortra has developed a full working proof of concept and provided detailed insights into the vulnerability’s two-stage process, all of which can be found on their Security and Trust Center page: https://www.fortra.com/security/advisories/research/fr-2024-002

Fortra Discovers Sophisticated QR Code Phishing Campaign That Targets Office 365 Users

Posted in Commentary with tags on September 15, 2024 by itnerd

Global cybersecurity software and solutions provider Fortra has discovered a sophisticated QR code phishing campaign specifically targeting Microsoft Office 365 users across various industries, including finance and healthcare. In this campaign, employees are tricked into scanning a QR code sent through a blank email. That code redirects them to a highly personalized phishing page tailored to look like their company’s Office 365 login portal.

Now at this time, I don’t have a link to send you to so that you can read this document for yourself. But here’s how the campaign works:

  • The target, because this is a targeted attack, gets an email that contains a PDF. The PDF claims it is an “Enhanced Bonus Distribution Strategy” from HR and requests that the user scan a QR code to access the document.
  • Embedded in the QR code was a phishing redirect link that takes the user to a fake Microsoft Identity Verification Check. Analysis of the source code of this page turned up two base64-encoded strings. One decodes to a URL for a site hosting an email list with 290,000 emails in it, and the other goes to the Office 365 phishing page. The same code also showed that if the user’s email address is in the email list, they are permitted to continue to the next part of the phish.
  • The background of the Office 365 phishing site changes to reflect the company name based on the user’s email domain. If the user’s email address is not found in the list, they are given four chances to input their email and are then redirected to a random Wikipedia article. The user is given four chances so the attacker can harvest extra email addresses.
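For analysts triaging a reported page like the one described above, the following added example (not from Fortra's research or the original post) scans saved page source for quoted base64 literals and reports the ones that decode to http(s) URLs. The sample source, the `.invalid` hostnames and all function names are constructed for illustration.

```python
import base64
import re
from urllib.parse import urlsplit

# Quoted literals built only from the base64 alphabet, long enough to hold a URL.
B64_LITERAL = re.compile(r"""(["'])([A-Za-z0-9+/]{16,}={0,2})\1""")

# Constructed sample values; .invalid hosts never resolve.
LIST_URL = "https://list.example.invalid/emails.txt"
PHISH_URL = "https://login.example.invalid/o365/"


def b64(text):
    return base64.b64encode(text.encode("ascii")).decode("ascii")


def sample_source():
    """Constructed page source: two encoded URLs plus a harmless encoded token."""
    return (
        "<html><body><h1>Identity Verification Check</h1><script>\n"
        f"var a = atob('{b64(LIST_URL)}');\n"
        f'var b = atob("{b64(PHISH_URL)}");\n'
        f"var c = '{b64('session-token-0001')}';\n"
        "</script></body></html>"
    )


def decode_url(candidate):
    """Return the decoded http(s) URL hidden in a base64 string, or None."""
    try:
        text = base64.b64decode(candidate, validate=True).decode("ascii").strip()
        parts = urlsplit(text)
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return text
    return None


def hidden_urls(page_source):
    """Return (encoded, url) pairs for each distinct base64 literal hiding a URL."""
    found = []
    for match in B64_LITERAL.finditer(page_source):
        encoded = match.group(2)
        url = decode_url(encoded)
        if url and (encoded, url) not in found:
            found.append((encoded, url))
    return found


if __name__ == "__main__":
    for encoded, url in hidden_urls(sample_source()):
        print(f"{encoded[:20]}... -> {url}")
```

Decoded URLs are output for review and blocklisting only; the script never fetches them.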

Why this matters:

  • QR code phishing attacks are becoming more prevalent due to the reliance on remote and hybrid work environments, which often use QR codes for authentication, document sharing, and security. While often perceived as convenient or harmless, they are now being weaponized to bypass traditional email security measures.
  • The phishing campaign was designed specifically to exploit Office 365, a platform used by over a million companies globally. With over 290,000 email addresses targeted in this attack, this finding represents a major security risk for companies relying on Office 365.
  • The high level of personalization in the phishing attacks can easily trick even trained employees, increasing the risk of credential theft and data breaches.
  • QR codes are under the radar for many cybersecurity protocols, as most rely on anti-phishing tools that scan links in emails, creating blind spots for security teams.

Thus the take-home message is that scanning QR codes is becoming a risky endeavour. If you get one via email from someone that you don’t know, or that you don’t expect, your best course of action is to perhaps delete it and report it to your IT department as it might be dangerous.

Fortra Unveils Interoperable Bundles for Email Security

Posted in Commentary with tags on August 21, 2024 by itnerd

Fortra announced today the availability of new Core, Advanced, and Elite bundles for Email Security. These new bundles bring together multiple Fortra products and services to provide comprehensive protection across the entire email threat lifecycle. 

Fortra’s new Core email security bundle includes:

  • Cloud Email Protection – an integrated cloud email security solution (ICES) that uses AI, threat intelligence, and automation to detect and remediate advanced email threats.
  • Terranova Security Awareness Training – a comprehensive training solution that enables organizations to develop positive security behaviors and measurably reduce human risk. 
  • Suspicious Email Analysis – expert triage and response to suspicious messages reported by users, ensuring timely user feedback and prompt threat remediation. 

The Advanced Email Security bundle includes all solutions in Core and adds Agari DMARC Protection, which prevents email domain spoofing by simplifying policy deployment and ongoing monitoring. The Elite bundle includes all solutions in Advanced but adds PhishLabs’ Domain Monitoring to proactively detect and suspend look-alike domains, which are often used in phishing attacks, BEC, and other threats.

To learn more about Fortra’s Email Security bundles, visit: https://emailsecurity.fortra.com/resources/datasheets/fortra-email-security-bundles-datasheet.

Fortra Discovers A Critical Vulnerability In Windows 10 And 11

Posted in Commentary with tags on August 12, 2024 by itnerd

Cyber security company Fortra has published details about a vulnerability they discovered in Microsoft’s Windows 10 and 11.

Fortra Principal Exploit Writer Ricardo Narvaja uncovered a vulnerability in the Common Log File System (CLFS.sys) driver of Windows, caused by improper validation of specified quantities in input data. This flaw leads to an unrecoverable inconsistency, triggering the KeBugCheckEx function and resulting in a Blue Screen of Death (BSoD). The issue affects all versions of Windows 10 and Windows 11, despite having all updates applied.

This has been published on Fortra’s new Security and Trust Center page: https://www.fortra.com/security/advisories/research

New Vital Controls to Achieve PCI DSS 4.0 Compliance Now Available in Fortra Managed WAF

Posted in Commentary with tags on July 29, 2024 by itnerd

Fortra today announced a significant update to its managed web application firewall (WAF) solution that aims to reduce client-side risk and protect users from data-stealing attacks in the browser, as outlined in new requirements in PCI DSS 4.0.

Fortra Managed WAF now includes enhanced client-side protection controls to eliminate reflected and inline cross-site scripting (XSS) attacks. This additional security helps Fortra customers meet and exceed PCI DSS 4.0 XSS controls in requirements 6.4.3 and 11.6.1, protecting users’ payment information from in-browser data-stealing attacks like Magecart.

A WAF is an essential element of a security strategy for any organization with a web presence and APIs. Fortra solves the most significant challenge of optimizing the protection provided by a WAF through its managed services for SMEs to Fortune 500 customers.

Fortra Managed WAF is the only WAF solution that enforces the execution of active items in the browser, regardless of whether they are delivered via inline, first, or third-party scripts. With this release, Fortra Managed WAF closes a gap that still is prevalent in competitors’ WAFs where they are unable to comprehensively address inline script integrity enforcement, a delivery mechanism used by most websites. 

Learn more about the enhancements to Fortra Managed WAF through a free demo

Fortra Releases New Cloud Email Protection Features to Protect Against Advanced Email Threats

Posted in Commentary with tags on July 17, 2024 by itnerd

Fortra announced today that it has released several new enhancements to its integrated cloud-based email security solution (ICES), Cloud Email Protection. New features include QR code threat detection, active content detection, and additional AI models.

The following enhancements to Cloud Email Protection are now available: 

  • Optical Character Recognition (OCR) – detects malicious content in images (such as QR code threats) 
  • Active Content Detection – uncovers malicious code and other active content in messages, links, and attached files 
  • AI Detection of Service Abuse – protects against email threats sent from legitimate online services 
  • AI Detection of Spam Accounts – further protects against abusive spamming and related malicious activity 
  • Dashboard improvements – includes new trending visuals and sorting that displays recent brand imposters, spoofed domains, and most attacked individuals 

Fortra continues to garner acclaim for email security since the launch of Cloud Email Protection in late 2023. In addition to being named a Top Player in Email Security by The Radicati Group, Fortra has also been recognized with a Cybersecurity Excellence Award for Email Security.  

Exclusive Insights from Fortra’s 2024 Penetration Testing Report

Posted in Commentary with tags on May 30, 2024 by itnerd

Fortra recently published its 2024 Penetration Testing Report, which delivers crucial insights into how organizations are employing proactive security measures to fortify their defenses before threats materialize.

This comprehensive report, now in its fifth year, not only tracks trends and challenges but also provides an ongoing evaluation of penetration testing practices. In the interest of getting some more insight on this report, I had a quick Q&A with Chris Reffkin, Chief Security & Risk Officer at Fortra who provided these comments:

62% of respondents said lack of resources to act on findings/perform remediation was a challenge. What advice do you have for organizations with this issue?

Leaders need to understand the “so what” and “what’s the risk” relative to the findings of any security assessment. Not all findings are created equal, including all critical or high issues. Leaders need to translate those key findings into business mission and objective terminology. This will help articulate the risks to business leaders, so they understand the impact of not addressing such findings.

66% of respondents said lack of patching was a big security risk for them. Why does this issue continue to exist and how can pen testing help mitigate this risk?

The challenge of foundational security is not to be underestimated. A robust patch management program with operational considerations is a complex task. With thousands of assets, virtual or physical, and applications, organizations need to orchestrate business processes and other external dependencies to be patched at least monthly. Pen testing can be a valuable tool in this process, helping to concentrate limited resources on making iterative improvements and demonstrating the impact of potential gaps in patch management processes. By tying pen testing results to business objectives and specific control elements like patch management, organizations can drive significant improvements.

How can pen testing, red teaming and security awareness training help prevent phishing threats?

No control or process can prevent phishing threats, although there are several that can help you prepare. Security awareness training will help with high-level employee performance monitoring relative to phishing awareness. Pen testing will assist with broad control analysis of potential vulnerabilities or weak points throughout the environment. Red teaming will help answer the question of what happens after someone clicks the phishing link – a real-world simulation of a sophisticated and targeted attack.

What are the cost-effective ways to approach pen testing?

Pen testing cost management comes down to scope and clear expectations on the use of results. One way to manage cost is to set a schedule of testing based on your organization’s risk assessment and cycle through different environments or specific systems based on risk to the organization. To effectively manage costs and achieve manageable results for remediation purposes, it’s more effective to cycle through a focused scope rather than hoping to cover everything with one substantial assessment once a year.

You can have a look at the report here.

Fortra Launches Unified Cybersecurity Platform

Posted in Commentary with tags on May 7, 2024 by itnerd

Fortra today unveiled its highly anticipated cybersecurity platform, named Fortra, uniting cutting edge solutions under a single umbrella for powerful defense against multi-vector attacks.

Fortra’s platform comes to market with an approach that is smart and simple. With security products feeding the platform over time, it will detect attacks from many threat sources, aggregate and correlate them using artificial intelligence (AI) to recognize patterns, and then help customers mitigate risk, leading to a more resilient and secure organization.

The current version of the Fortra platform includes popular solutions like Fortra Cloud Email Protection, Fortra XDR, and Fortra Vulnerability Management. Coming later this year is Fortra Data Protection.

Key features of the Fortra platform are:

  • Simple deployment, patching, and upgrades across solutions via a single agent framework
  • Threat intelligence from across the Fortra portfolio goes into the platform, gets normalized, and returns to strengthen all products
  • Clearer visibility into incident activity to prioritize and accelerate resolution

Fortra is showcasing its platform at the RSA Conference in San Francisco this week at the Moscone Center, South Hall, booth #527.

For more information about the Fortra platform, visit: www.fortra.com/platform.

Fortra Advances Cybersecurity Defense with Expanded Threat Intelligence Capabilities

Posted in Commentary with tags on April 23, 2024 by itnerd

Today’s attackers are wiser to current cybersecurity defenses and therefore more sophisticated in their attacks. To this end, global cybersecurity software and services provider Fortra recently enhanced its Threat Intelligence offerings, adding high-fidelity threat intelligence with timely, curated data to level the playing field and provide cybersecurity analysts the edge needed to stay a step ahead of modern threat actors.

Fortra’s expanded Threat Intelligence services include:

  • Dark Web Compromised Credentials Monitoring – widens visibility into stolen credential intelligence uncovered from dark web sites that are designed to harvest and sell employee and customer logins as well as passwords stolen by infostealers and botnets. It also guards against future attacks by implementing countermeasures such as forced password resets and lockouts.
  • Threat Engagement and Disruption – covertly interacts with threat actors, on behalf of customers, to gain intelligence about the tactics, techniques, and procedures used. Enumerates threat actor infrastructure to disrupt Business Email Compromise (BEC) attacks and phishing sites.
  • Intelligence Feeds – enriches existing internal threat data and optimizes security controls with Fortra’s high-fidelity threat indicators sourced from proprietary collection technologies and curated by expert researchers, to better detect and mitigate credential theft, email, and money mule threats.
  • Intelligence Assessments – improves threat-based decision-making with supplemental, expanded insights from Fortra researchers on phishing incidents, email threats, and counterfeit threats.

With an expansive portfolio of cybersecurity technologies, Fortra has extensive visibility into the infrastructure and methods used by threat actors. Intelligence from these technologies is fed into the Fortra Threat Brain, where it is used to enrich its solutions and deliver intelligence services to customers.

Fortra is offering an in-depth review of the new threat intelligence services via webinar on Tuesday, April 30 at 11 a.m. Eastern, led by Cary Hudgins, Director of Product Management, and Michael Tyler, Senior Director, Security Operations at Fortra.

Fortra’s 2024 State of IBM i Security Study Is Out

Posted in Commentary with tags on April 19, 2024 by itnerd

Organizations around the world are waking up to the business impact of lax cybersecurity: unexpected downtime, lost productivity, resources tied up in lawsuits and data breach notifications. That was evident this year, when a record-setting 79% of IBM i pros surveyed ranked cybersecurity as a top concern in this year’s IBM i Marketplace Survey.

Now in its 21st year, the newly released 2024 State of IBM i Security Study, by global cybersecurity software and service provider Fortra, reveals concrete, impartial data about how IBM i systems are protected and where the gaps remain, and provides compelling insight into the security posture of 148 IBM i server partitions – systems that are used to host business-critical applications, and that often house electronic personal health information (ePHI), financial data, and personally identifiable information (PII).

My advice would be to set aside some time to read the State of IBM i Security Study as it’s pretty eye opening. And it may give you some ideas as to where to look for gaps and fill them before threat actors look for said gaps and exploit them.