31 mins

Dimitris Kokoutsidis

In-Depth Scenarios Illustrating NIS 2 Implications for Manufacturing Companies Using FileMaker

Ensuring Cyber Resilience in Manufacturing: Navigating NIS 2 Requirements with FileMaker Solutions Dimitris Kokoutsidis, Oct 16, 2024, CyberFM Understanding the practical implications of the NIS 2 Directive is crucial for manufacturing companies that rely on FileMaker solutions. The following detailed scenarios illustrate potential risks and challenges that such companies may face, along with the obligations

21 mins

David Hamann

FileMaker Server Admin Console: Access and Role Restriction Issues

Uncovering Access and Role Restriction Vulnerabilities in the FileMaker Server Admin Console Source: https://davidhamann.de/2024/10/09/fms-bypassing-restrictions/ With a few security features added to the FileMaker Server Admin Console in the last few versions, I decided to play around with them to see how they are implemented. In this article I want to highlight three of the issues

23 mins

Dimitris Kokoutsidis

How NIS 2 Affects FileMaker Developers: A Comprehensive Guide to Compliance and Best Practices

Navigating NIS 2 Compliance for FileMaker Developers: Key Impacts, Practical Steps, and Proactive Security Strategies Dimitris Kokoutsidis, Oct 9, 2024, CyberFM The European Union’s NIS 2 Directive represents a significant overhaul of the cybersecurity landscape, aiming to strengthen the resilience of critical infrastructure and essential services across member states. As a FileMaker developer, it’s crucial

10 mins

Dimitris Kokoutsidis

Bridging the AI Innovation Gap: Cris Ippolite’s U.S. Perspective Meets the EU AI Act

Dimitris Kokoutsidis, Sept 26, 2024, CyberFM Artificial Intelligence (AI) is no longer a futuristic concept; it is actively reshaping business landscapes across various industries. During Claris Engage 2024, Cris Ippolite delivered a compelling presentation on how businesses can harness AI’s power responsibly while considering potential risks. He shared real-world applications of AI, integrating pre-trained models

68 mins

Dimitris Kokoutsidis

Understanding the OWASP Top 10 Vulnerabilities for Large Language Model Applications

Dimitris Kokoutsidis, Sept 26, 2024, CyberFM Introduction In the rapidly evolving landscape of artificial intelligence, Large Language Models (LLMs) like GPT-4 have become integral to numerous applications, including chatbots, virtual assistants, content generation, and more. While these models offer remarkable capabilities, they also introduce a new set of security challenges that must be addressed to

18 mins

Alexey Dubov

FMS, bypass authorisation

Bypass authorization of FileMaker Server or “there is no such category” Source: https://fm-security.com/posts/bypass_auth/ CVE FileMaker Server CVE-2024-27790 Menu Introduction In the summer of 2023, I decided to investigate the internal communication protocol between FileMaker clients and the server. This led to the discovery of perhaps the most significant vulnerability in the platform’s history. I discovered that it

16 mins

Dirk Schittko

FileMaker Under Linux

Dirk Schittko, Oct 1, 2024, FileMaker Konferenz 2024 Menu At FMK 2024, Dirk Schittko delivered an insightful talk on the intricacies of setting up and managing FileMaker Server on Linux, particularly on Ubuntu. FileMaker Server, traditionally a Windows or macOS application, has found a new home in Linux, offering increased performance, cost savings, and reliability

14 mins

Alexey Dubov

FileMaker, dylib hijacking

Understanding the Risks and Mitigations of dylib Hijacking in macOS FileMaker Pro CVE-2023-42920 Source: https://fm-security.com/posts/dylib/ CVE macOS FileMaker Pro CVE-2023-42920 Menu Introduction The dylib hijacking vulnerability for macOS is well known and studied. But from a FileMaker developer’s point of view, I have not seen any analysis of this problem. I will begin a little bit from afar. Embedding into someone else’s

13 mins

Chris Moyer

Protecting FileMaker Server From Ransomware Attacks

Heidi Porter, Chris Moyer, EngageU 2022 Table of Contents Introduction: Background and Importance To top Heidi Porter and Chris Moyer, seasoned experts in FileMaker security, presented on the topic of ransomware protection at EngageU 2022. Both Porter and Moyer have extensive experience in the FileMaker ecosystem and are dedicated to educating users on best practices

16 mins

Chris Moyer

Cybersecurity Best Practices

Heidi Porter, Chris Moyer, EngageU 2022 Table of Contents Introduction: Understanding the Cyber Threat Landscape Heidi Porter and Chris Moyer emphasize the critical need for organizations and individuals to understand the evolving cybersecurity landscape. Over the past decade, attacks have become more sophisticated, targeting personal devices, organizational networks, and even public infrastructure. As more services

29 mins

David Hamann

CVE-2021-44147: XML External Entity Vulnerability in Claris FileMaker

Uncovering XXE Vulnerabilities in FileMaker’s XML Parsing Source: https://davidhamann.de/2021/11/18/filemaker-xxe-vulnerability/ CVE FileMaker Pro CVE-2021-44147 A couple of months ago I looked more deeply into the “Import Records” functionality in FileMaker, especially the XML parsing, and was wondering if any XXE vulnerability may exist and how one could exploit this in technically interesting ways. The vulnerability is/was indeed there