A Comprehensive Guide to Enhancements and Key Features Dimitris Kokoutsidis, Nov 9, 2024, CyberFM Table of Contents Introduction To top Claris has once again expanded the functionality and reliability of its flagship database server with the release of FileMaker Server 2024 Version 21.1. This latest release is packed with new capabilities aimed at enhancing network
Source: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=FileMaker There are 16 CVE Records that match FileMaker in MITRE database. There is another CVE for 2024, CVE-2024-23202, as mentioned in https://cyberfm.eu/fms-privilege-escalation/ and https://fm-security.com/posts/priv_esc/ that is not published yet. Name Description CVE-2024-27794 Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker
Dimitris Kokoutsidis, Oct 22, 2024, CyberFM Monitoring tools are essential for maintaining the stability, performance, and security of your FileMaker Server. These tools enable developers and administrators to automate tasks, gain insights into server activity, and address issues before they escalate. In this comprehensive guide, we’ll delve into the top monitoring tools available for FileMaker
Dimitris Kokoutsidis, Oct 21, 2024, CyberFM The European Union’s Artificial Intelligence Act (EU AI Act) introduces a comprehensive regulatory framework for the use of AI systems, emphasizing risk management, transparency, and accountability. With the release of FileMaker 2024, which offers the ability to perform semantic searches using Local or Remote Large Language Models (LLMs), manufacturing
Ensuring Cyber Resilience in Manufacturing: Navigating NIS 2 Requirements with FileMaker Solutions Dimitris Kokoutsidis, Oct 16, 2024, CyberFM Understanding the practical implications of the NIS 2 Directive is crucial for manufacturing companies that rely on FileMaker solutions. The following detailed scenarios illustrate potential risks and challenges that such companies may face, along with the obligations
Dimitris Kokoutsidis, Oct 9, 2024, CyberFM Menu Key Provisions of the EU AI Act 1. Risk-Based Classification System To top The EU AI Act categorizes AI systems into four risk levels based on their potential impact on individuals’ safety and fundamental rights: 2. Transparency and Disclosure AI systems must meet transparency obligations to ensure users
Uncovering Access and Role Restriction Vulnerabilities in the FileMaker Server Admin Console Source: https://davidhamann.de/2024/10/09/fms-bypassing-restrictions/ With a few security features added to the FileMaker Server Admin Console in the last few versions, I decided to play around with them to see how they are implemented. In this article I want to highlight three of the issues
Navigating NIS 2 Compliance for FileMaker Developers: Key Impacts, Practical Steps, and Proactive Security Strategies Dimitris Kokoutsidis, Oct 9, 2024, CyberFM The European Union’s NIS 2 Directive represents a significant overhaul of the cybersecurity landscape, aiming to strengthen the resilience of critical infrastructure and essential services across member states. As a FileMaker developer, it’s crucial
Dimitris Kokoutsidis, Sept 8, 2024, CyberFM Many FileMaker developers rely on hardcoded license keys for plugin solutions. I have a few questions regarding this approach: Overview of Plugin License Texts Following the blog post, you’ll find the detailed license texts for major FileMaker plugins. This section serves as a guide to understand how each plugin
Dimitris Kokoutsidis, Sept 26, 2024, CyberFM Artificial Intelligence (AI) is no longer a futuristic concept; it is actively reshaping business landscapes across various industries. During Claris Engage 2024, Cris Ippolite delivered a compelling presentation on how businesses can harness AI’s power responsibly while considering potential risks. He shared real-world applications of AI, integrating pre-trained models
Dimitris Kokoutsidis, Sept 26, 2024, CyberFM 1. Audit Overview Objective:The goal of an audit is to ensure the reliability, security, and operational effectiveness of the FileMaker solution. The audit process involves identifying potential points of failure or security risks in the system and addressing them proactively. Process: Documentation Tips:Maintain both physical and digital copies of
Dimitris Kokoutsidis, Oct 6, 2024, CyberFM Menu: Understanding the Weakness of Startup Scripts as a Security Measure: The Illusion of Security with Startup Scripts: The Role of Script Debugger in Exploiting Startup Scripts: Full Access Account Reinsertion via Decompilation: The Critical Importance of Encryption and Robust Account Management: Encryption as the First Line of Defense:
Dimitris Kokoutsidis, Sept 26, 2024, CyberFM Introduction In the rapidly evolving landscape of artificial intelligence, Large Language Models (LLMs) like GPT-4 have become integral to numerous applications, including chatbots, virtual assistants, content generation, and more. While these models offer remarkable capabilities, they also introduce a new set of security challenges that must be addressed to
CVE macOS, Windows, Ubuntu FileMaker Server CVE-2024-23202 Source: https://fm-security.com/posts/priv_esc/ I have identified a privilege escalation vulnerability in FileMaker Server for all platforms (macOS, Windows, Ubuntu) This vulnerability allows an attacker, that has the most limited access to a remote database, hosted on FileMaker Server, to get full access privileges, with access to all data from all tables
Bypass authorization of FileMaker Server or “there is no such category” Source: https://fm-security.com/posts/bypass_auth/ CVE FileMaker Server CVE-2024-27790 Menu Introduction In the summer of 2023, I decided to investigate the internal communication protocol between FileMaker clients and the server. This led to the discovery of perhaps the most significant vulnerability in the platform’s history. I discovered that it