Vulnerability: Page 8
-
stefanovsky via Getty Images
Hackers using TrueBot malware for phishing attacks in US, Canada, officials warn
Threat actors have been leveraging a known vulnerability in Netwrix Auditor to exfiltrate data from targeted entities since May.
By David Jones • July 7, 2023 -
gorodenkoff via Getty Images
Most Fortinet FortiGate firewalls remain vulnerable to critical CVE
Threat actors could exploit the remote code execution vulnerability, disclosed June 12, to initiate data breaches, ransomware attacks and other damages.
By Matt Kapko • July 6, 2023 -
DKosig via Getty Images
MOVEit vulnerability snags almost 200 victims, more expected
The education sector has been hit particularly hard as many widely used vendors in the space confirm impacts linked to the mass exploited vulnerability.
By Matt Kapko • July 5, 2023 -
iStock via Getty Images
MOVEit vulnerability ensnares more victims
Some organizations have been impacted due to their direct use of MOVEit while others have been exposed by third-party vendors.
By Matt Kapko • June 27, 2023 -
Jack Taylor via Getty Images
Big names disclose MOVEit-related breaches, including PwC, EY and Genworth Financial
More than 100 organizations have been hit as part of the MOVEit attack campaign, including PBI Research Services, which exposed millions of customer data files to theft.
By David Jones • June 23, 2023 -
Bill Oxford via Getty Images
Progress Software faces federal class action lawsuits as MOVEit breach exposure widens
Louisiana residents allege their personal financial information was put at risk after the state's motor vehicles department had data exposed in the MOVEit data breach.
By David Jones • June 21, 2023 -
LUNAMARINA/iStock/Getty Images Plus via Getty Images
US puts $10M bounty on Clop as federal agencies confirm data compromises
Additional private sector companies have disclosed attacks after multiple vulnerabilities were found in MOVEit Transfer software.
By David Jones • June 20, 2023 -
Naomi Eide/Cybersecurity Dive
Another MOVEit vulnerability found, as state and federal agencies reveal breaches
The third vulnerability since Progress Software first disclosed a MOVEit Transfer zero day arrived just as CISA officials said a “small number” of federal agencies were impacted.
By Naomi Eide • June 16, 2023 -
TU IS via Getty Images
Clop names a dozen MOVEit victims, but holds back details
As its deadline expired, the ransomware group released the first batch of victim organizations, most of which were U.S.-based, ReliaQuest found.
By Naomi Eide • June 15, 2023 -
armiblue/Getty Images Plus via Getty Images
Barracuda ESG devices actively exploited in broad, ongoing espionage campaign
The campaign is the broadest by a China-nexus actor since the mass exploitation of Microsoft Exchange in 2021, Mandiant researchers said.
By David Jones • Updated June 15, 2023 -
vchal via Getty Images
MOVEit customers on high alert as Clop’s deadline expires
As more compromised organizations come forward, one risk analysis firm is pushing the timeline for the vulnerability back years.
By Matt Kapko • June 14, 2023 -
gorodenkoff via Getty Images
Fortinet urges firmware upgrades after critical vulnerability at risk of malicious attacks
The warning comes just weeks after the company was linked to the Volt Typhoon campaign against U.S. critical infrastructure targets.
By David Jones • June 13, 2023 -
iStock/Getty Images Plus via Getty Images
Barracuda urges customers to replace compromised ESG appliances immediately
The retirement of all compromised ESG appliances is akin to an admission the company could not remove threat actor access and recover the devices for customers.
By Matt Kapko • June 9, 2023 -
Just_Super/Getty Images via Getty Images
Clop claims hundreds of MOVEit vulnerability victims
The prolific threat actor is responsible for two of the three high-profile, actively exploited vulnerabilities in file-transfer services so far this year.
By Matt Kapko • June 8, 2023 -
WhataWin via Getty Images
What we know about the MOVEit vulnerabilities and compromises
Active exploits already resulted in a follow-on attack that’s impacted multiple organizations. Threat hunters are on guard and anticipate more victims.
By Matt Kapko • Updated June 12, 2023 -
DKosig via Getty Images
Worries mount for MOVEit vulnerability, as likelihood of compromise expands
MOVEit has customers across highly regulated industries, exemplifying the potential damage among government, finance and healthcare organizations.
By Matt Kapko • June 5, 2023 -
WhataWin/Getty Images via Getty Images
MOVEit zero-day vulnerability under active exploit, data already stolen
Mandiant found evidence of attacks over Memorial Day weekend and said it’s possible earlier instances of exploitation may still be uncovered.
By Matt Kapko • June 1, 2023 -
armiblue/Getty Images Plus via Getty Images
Barracuda zero-day vulnerability exploited for 7 months before detection
The latest disclosure increases the potential for widespread compromise for customers using the security vendor’s email security gateway appliances.
By Matt Kapko • May 31, 2023 -
Thossaphol via Getty Images
Moody’s cites credit risk from state-backed cyber intrusions into US critical infrastructure
Key sectors could face short-term revenue impacts and long-term reputational harm and litigation risk, the credit ratings service said.
By David Jones • May 31, 2023 -
iStock/Getty Images Plus via Getty Images
Barracuda patches actively exploited zero-day vulnerability in email gateways
The security vendor declined to answer questions about how many customers were impacted and what, if any, customer data was compromised.
By Matt Kapko • May 25, 2023 -
Leon Neal via Getty Images
KeePass master password manager at risk as users await patch
The exploit only works if the master password is typed directly into KeePass. However, a patch won’t be available for weeks.
By Matt Kapko • May 23, 2023 -
Matt Kapko/Cybersecurity Dive
VMware’s ‘target-rich environment’ is growing more volatile, CrowdStrike warns
Ransomware groups continue to target VMware because they know the virtualization infrastructure is vulnerable and lacks security tools, threat researchers said.
By Matt Kapko • May 16, 2023 -
Maximusnd via Getty Images
Costs of software supply chain attacks could exceed $46B this year
Losses attributed to software supply chain attacks will jump 76%, reaching almost $81 billion by 2026, according to Juniper Research.
By Matt Kapko • May 12, 2023 -
Johnny Greig via Getty Images
PaperCut actively exploited by multiple threat actors, targeting education sector
Education is a key market for the print management software, which threat actors have targeted since mid-April.
By Matt Kapko • May 12, 2023 -
Michael M. Santiago via Getty Images via Getty Images
OpinionIs cybersecurity doing enough to prevent the next Colonial Pipeline attack?
Two years have passed since the Colonial Pipeline incident, but critical infrastructure providers aren’t doing enough to proactively mitigate attacks.
By Matthew Parsons, Brian Knudtson and Alex Reid • May 8, 2023
Previous
