Blog
Blog

Your Taxes Are Done but the Scammers Aren’t

By Meriam Senouci on Wed, 04/16/2025
This blog conducts a deep dive into a recent and widespread tax scam identified through Fortra’s threat research. It offers the reader a detailed analysis into the email lure and provides insights with predictions into how these scammers can continue targeting victims even after the tax deadline has passed.
RansomHouse
Blog

RansomHouse Ransomware: What You Need To Know

By Graham Cluley on Tue, 04/15/2025
What is RansomHouse?RansomHouse is a cybercrime operation that follows a Ransomware-as-a-Service (RaaS) business model, where affiliates (who do not require technical skills of their own) use the ransomware operator's infrastructure to extort money from victims. So they are a bog-standard ransomware gang?Not quite. Many ransomware operations encrypt and steal your data, demanding a ransom for a...
attack-chain-exploitation
Blog

What Are the Cyber Kill Chain Stages? Stage Four: Exploitation

Thu, 04/10/2025
The exploitation phase of the cyber kill chain is when attackers leverage vulnerabilities to execute malicious code and gain unauthorized access. This blog explores common exploitation techniques, real-world examples, and practical mitigation strategies to protect your organization.
attack-chain-delivery
Blog

What Are the Cyber Kill Chain Stages? Stage Three: Delivery

Thu, 04/10/2025
This blog delves into the delivery stage of the cyber kill chain, where attackers transition from preparation to launching their payloads. It highlights common attack methods, proactive security measures, and how Fortra helps mitigate these cyber threats.
Vulnerability Research

Patch Tuesday Update - December 2024

By Mieng Lim on Wed, 04/09/2025
Fortra Vulnerability Management will include the Microsoft Patch Tuesday checks in the NIRV 4.56.0 and FVM Agent 2.17.Microsoft addressed 70 vulnerabilities this release, including 16 rated as Critical.CVE-2024-49138 - Microsoft has disclosed an actively exploited vulnerability that allows attackers to gain SYSTEM privileges on Windows devices. No further information is provided from Microsoft on...
Automation Solutions: Advice from Real Users
Blog

Automation Solutions: Advice from Real Users

Fri, 04/04/2025
Real users with real opinions offer valuable insight. When evaluating software solutions essential to your organization, the experiences of your peers should weigh heavily. PeerSpot, an enterprise-buying intelligence platform, has assembled a Peer Report to help navigate the advantages of using multiple automation solutions to enhance operational security and efficiency. You can download the...
Automation
Robotic Process Automation (RPA)
Blog

BEC Global Insights Report: February 2025

By John Farina on Fri, 03/07/2025
The monthly Global BEC Insights Report from Fortra presents a comprehensive analysis of the latest tactics, techniques, and procedures (TTP) employed by BEC threat actors. This report draws on extensive intelligence gathered from hundreds of active defense engagements conducted throughout the month. Key insights include geolocation data, attack volume, and the variety of scams, such as payroll diversion and advance fee fraud. The report also highlights the use of gift cards in scams, the requested amounts in wire transfer fraud, and the banks and webmail providers frequently targeted by attackers. These findings provide a critical understanding of the evolving BEC threat landscape.
Blog

BEC Global Insights Report: March 2025

By John Farina on Fri, 03/07/2025
The monthly Global BEC Insights Report from Fortra presents a comprehensive analysis of the latest tactics, techniques, and procedures (TTP) employed by BEC threat actors. This report draws on extensive intelligence gathered from hundreds of active defense engagements conducted throughout the month. Key insights include geolocation data, attack volume, and the variety of scams, such as payroll diversion and advance fee fraud. The report also highlights the use of gift cards in scams, the requested amounts in wire transfer fraud, and the banks and webmail providers frequently targeted by attackers. These findings provide a critical understanding of the evolving BEC threat landscape.
Tripwire VERT Patch Priority Index
Blog

Tripwire Patch Priority Index for February 2025

By Lane Thames on Wed, 03/05/2025
Tripwire's February 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.Up first on the list are patches for Microsoft Edge (Chromium-based) that resolve 4 remote code execution and 2 spoofing vulnerabilities.Next on the list are patches for Microsoft Office and Excel. These patches resolve 8 issues such as remote code execution and information disclosure...