Collaborate Disseminate
“Malware free” attacks, attackers’ increased reliance on legitimate tools and scripting frameworks, and BEC scams were the most prominent threats small and medium businesses (SMBs) faced in Q3 2023, says the inaugural SMB Threat Repor… Continue reading SMBs face surge in “malware free” attacks
As more victim organizations of Cl0p gang’s MOVEit rampage continue popping up, security researchers have released a PoC exploit for CVE-2023-34362, the RCE vulnerability exploited by the Cl0p cyber extortion group to plunder confidential data. C… Continue reading PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362)
Progress Software customers who use the MOVEit Transfer managed file transfer solution might not want to hear it, but they should quickly patch their on-prem installations again: With the help of researchers from Huntress, the company has uncovered add… Continue reading It’s time to patch your MOVEit Transfer solution again!
The Cl0p cyber extortion crew says that the many organizations whose data they have pilfered by exploiting a vulnerability in the MOVEit Transfer solution have until June 14 to get in contact with them – or they will post their name on their dedi… Continue reading Cl0p announces rules for extortion negotiation after MOVEit hack
There’s new information about the zero-day vulnerability in Progress Software’s MOVEit Transfer solution exploited by attackers and – more importantly – patches and helpful instructions for customers. The MOVEit Transfer zero-day and … Continue reading MOVEit Transfer zero-day attacks: The latest info
An unauthenticated RCE flaw (CVE-2023-27350) in widely-used PaperCut MF and NG print management software is being exploited by attackers to take over vulnerable application servers, and now there’s a public PoC exploit. About the vulnerability Ac… Continue reading PoC exploit for abused PaperCut flaw is now public (CVE-2023-27350)
99% of all businesses across the United States and Canada are mid-sized businesses facing cybersecurity challenges, according to a Huntress report. Aimed to gain insights into organizational structure, resources and cybersecurity strategies, the result… Continue reading Most mid-sized businesses lack cybersecurity experts, incident response plans
ConnectWise has fixed a critical vulnerability in ConnectWise Recover and R1Soft Server Backup Manager that could allow attackers to achieve remote code exection (RCE) or access confidential data. The company advises users to patch as soon as possible,… Continue reading ConnectWise backup solutions open to RCE, patch ASAP!
Huntress, the managed security platform for SMBs, has acquired Curricula, a story-based security awareness training platform that empowers employees to better defend themselves against hackers. In addition to its core platform, Curricula offers a numbe… Continue reading Huntress acquires security awareness training platform Curricula for $22 million
A newly numbered Windows zero-day vulnerability (CVE-2022-30190) is being exploited in the wild via specially crafted Office documents (without macros), security researchers are warning. After initially dismissing the vulnerability as “not a secu… Continue reading Zero-day bug exploited by attackers via macro-less Office documents (CVE-2022-30190)