Collaborate Disseminate
Infosecurity Europe 2023 is taking place in London this week, and this video provides a closer look at this year’s event.
The post Infosecurity Europe 2023 video walkthrough appeared first on Help Net Security.
Continue reading Infosecurity Europe 2023 video walkthrough
As more victim organizations of Cl0p gang’s MOVEit rampage continue popping up, security researchers have released a PoC exploit for CVE-2023-34362, the RCE vulnerability exploited by the Cl0p cyber extortion group to plunder confidential data. C… Continue reading PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362)
Barracuda Networks is urging customers running phyisical Email Security Gateway (ESG) appliances to replace them immediately, “regardless of patch version level.” Vulnerability identification and disclosure Barracuda has identified a critic… Continue reading Replace Barracuda ESG appliances, company urges
It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes. Continue reading Barracuda Urges Replacing — Not Patching — Its Email Security Gateways
The fallout of the MOVEit Transfer hack via CVE-2023-34362 by the Cl0p gang is expanding, as several UK-based companies have now confirmed that some of their data has been stolen. Victimized organizations The confirmed victims so far are Zellis, “… Continue reading MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims
The zero-day vulnerability attackers have exploited to compromise vulnerable Progress Software’s MOVEit Transfer installations finally has an identification number: CVE-2023-34362. Based on information shared by Mandiant, Rapid7 and other security rese… Continue reading MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362)
There’s new information about the zero-day vulnerability in Progress Software’s MOVEit Transfer solution exploited by attackers and – more importantly – patches and helpful instructions for customers. The MOVEit Transfer zero-day and … Continue reading MOVEit Transfer zero-day attacks: The latest info
CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CVE-… Continue reading Zyxel firewalls under attack by Mirai-like botnet
A recently fixed command injection vulnerability (CVE-2023-28771) affecting a variety Zyxel firewalls may soon be exploited in the wild, Rapid7 researchers have warned, after publishing a technical analysis and a PoC script that triggers the vulnerabil… Continue reading Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771)
Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks. Continue reading Microsoft Patch Tuesday, May 2023 Edition