Collaborate Disseminate
Rapid7 released Executive Risk View, a solution that normalizes risk scoring across cloud and on-premises environments so that security leaders can effectively assess and collaborate with teams across an organization to speed up cyber risk reduction. N… Continue reading Rapid7 Executive Risk View allows security teams to prioritize remediation actions
Attackers are exploiting two Adobe ColdFusion vulnerabilities (CVE-2023-29298, CVE-2023-38203) to breach servers and install web shells to enable persistent access and allow remote control of the system, according to Rapid7 researchers. Flaws with inco… Continue reading Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203)
Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this month: On Monday, Apple issued (and then quickly pulled) an emergency update to fix a zero-day vulnerability that is being exploited on MacOS and iOS devices. Continue reading Apple & Microsoft Patch Tuesday, July 2023 Edition
Infosecurity Europe 2023 is taking place in London this week, and this video provides a closer look at this year’s event.
The post Infosecurity Europe 2023 video walkthrough appeared first on Help Net Security.
Continue reading Infosecurity Europe 2023 video walkthrough
As more victim organizations of Cl0p gang’s MOVEit rampage continue popping up, security researchers have released a PoC exploit for CVE-2023-34362, the RCE vulnerability exploited by the Cl0p cyber extortion group to plunder confidential data. C… Continue reading PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362)
Barracuda Networks is urging customers running phyisical Email Security Gateway (ESG) appliances to replace them immediately, “regardless of patch version level.” Vulnerability identification and disclosure Barracuda has identified a critic… Continue reading Replace Barracuda ESG appliances, company urges
It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes. Continue reading Barracuda Urges Replacing — Not Patching — Its Email Security Gateways
The fallout of the MOVEit Transfer hack via CVE-2023-34362 by the Cl0p gang is expanding, as several UK-based companies have now confirmed that some of their data has been stolen. Victimized organizations The confirmed victims so far are Zellis, “… Continue reading MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims
The zero-day vulnerability attackers have exploited to compromise vulnerable Progress Software’s MOVEit Transfer installations finally has an identification number: CVE-2023-34362. Based on information shared by Mandiant, Rapid7 and other security rese… Continue reading MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362)
There’s new information about the zero-day vulnerability in Progress Software’s MOVEit Transfer solution exploited by attackers and – more importantly – patches and helpful instructions for customers. The MOVEit Transfer zero-day and … Continue reading MOVEit Transfer zero-day attacks: The latest info