Fortra Intelligence and Research Experts (FIRE) have conducted a deep technical analysis of BlueHammer, a highly sophisticated Windows zero-day exploit chain that achieves Local Privilege Escalation (LPE) to NT AUTHORITY\SYSTEM. To help security teams better navigate the advanced threat landscape, we are sharing this technical deep dive into how the exploit operates and how to defend against it...

Today’s cybercriminals prefer an easy entrance just as much as a sophisticated exploit. And most often, that’s where they start. Here is a list of seven overlooked attack vectors in which a serious threat could pop up, enter the network, and do serious damage. Remember: While many enterprise cybersecurity approaches are shooting high, a larger number of cybercriminals are “looking low.”1. Printers...

For anyone who’s been in cybersecurity for even the past five years, the trends are as unprecedented as they are obvious; attacks are now more sophisticated, subtle, and scalable than ever before. Cybercriminals use AI to automatically find vulnerabilities, the mean time-to-exploit has now dropped to only 5 days (down from 32), and there is little to stop spray-and-pray campaigners from...

Technical debt can have cybersecurity consequences. Even teams that feel they know exactly what needs fixing are often surprised at what a team of outside hackers can do – as they so often are during a breach.So how can you determine what’s emergency-worthy technical debt? Your backlog might not show it, but your pen test will.Technical Debt as Attack SurfaceIt’s difficult, if not impossible, to...