Latest News

What is a QR Code? Its Usage, Vulnerability, Advantages, and Comeback Story - Part 1

Jun 13, 2023 By Cyber Security Journal In SSL2BUY

This article helps you understand what a QR code is, how it works, the different types of QR codes, the rise in its usage, the risks involved, the advantages and disadvantages, and whether it is safe.

Read Post

SSL2BUY

Read more about What is a QR Code? Its Usage, Vulnerability, Advantages, and Comeback Story - Part 1

Mass Exploitation of MOVEit Transfer Critical Vulnerability - Recommended Mitigations and How Forescout Can Help

Jun 13, 2023 By Prashant Tilekar and Sai Molige In Forescout

On May 31, Forescout Research – Vedere Labs uncovered a significant incident where threat actors exploited a critical zero-day vulnerability in the MOVEit Transfer software, which resulted in unauthorized access to and exfiltration of private data, as well as privilege escalation. MOVEit Transfer is a widely adopted managed file transfer (MFT) solution that enables organizations to securely exchange files with their business partners and customers.

Read Post

Forescout

Read more about Mass Exploitation of MOVEit Transfer Critical Vulnerability - Recommended Mitigations and How Forescout Can Help

Shielding Against the Most Recent Fortinet Vulnerability

Jun 13, 2023 By Lauren Farrell In Centripetal

During a red team assessment for a client, Charles Fol and Dany Bach from LEXFO, discovered a heap overflow bug in Fortigate’s SSL VPN that can be exploited to achieve remote code execution on Fortigate instances. This vulnerability is reachable without authentication, and can be used to execute arbitrary code on vulnerable systems, which could lead to a complete compromise of the system.

Read Post

Centripetal

Read more about Shielding Against the Most Recent Fortinet Vulnerability

Benefits of Using a Penetration Testing Dashboard For Your Security Testing Needs

Jun 12, 2023 By SecuritySenses In SecuritySenses

In today's digital landscape, cybersecurity is a top priority for international businesses. Ensuring the integrity of network and data protection requires vigilance and proactive measures-enter penetration testing dashboards. These state-of-the-art resources streamline security testing by centralizing processes, identifying vulnerabilities, and safeguarding vital information assets. Discover the benefits of using a penetration testing dashboard for your security testing needs as we examine core features, advantages, and why it's essential in your cybersecurity arsenal.

Read Post

SecuritySenses

Read more about Benefits of Using a Penetration Testing Dashboard For Your Security Testing Needs

Spear Phishing Attacks: Understanding and Mitigating the Risk

Jun 12, 2023 By SecuritySenses In SecuritySenses

In an increasingly interconnected world, cybersecurity has never been more important. One of the most prevalent and potent threats to individual and organizational security is spear phishing. Unlike phishing, which casts a wide net in hopes of catching any unsuspecting victim, spear phishing is a more targeted approach. The attacker customizes their emails, texts, or other messages to mimic trustworthy sources and deceive specific individuals into revealing sensitive information.

Read Post

SecuritySenses

Read more about Spear Phishing Attacks: Understanding and Mitigating the Risk

Snyk integrates with Amazon EventBridge to enable secure AppDev at scale

Jun 12, 2023 By David Schott In Snyk

In today’s highly dynamic application ecosystem, the number and scope of security issues that developers need to address have increased dramatically, making it imperative for modern development teams to have an automated system to handle security events across every application component.

Read Post

Snyk

Read more about Snyk integrates with Amazon EventBridge to enable secure AppDev at scale

Hundreds of Companies Using the MOVEit File Service Lose Confidential Data to a Ransomware Attack

Jun 12, 2023 By Steven In IDStrong

MOVEit, a massive global fire-sharing service provider, recently suffered a data breach that could impact 100's of corporations in the United States, Europe, and many other areas of the world. The file-transfer service provider is supposed to offer a secure transfer solution, and it appears that it may not be as secure as so many hoped. This breach is the result of a ransomware attack, and that attack could result in substantial losses for so many involved.

Read Post

IDStrong

Read more about Hundreds of Companies Using the MOVEit File Service Lose Confidential Data to a Ransomware Attack

CleanINTERNET Protects Customers from MOVEit Vulnerability

Jun 12, 2023 By Fergal Lyons In Centripetal

In early June, multiple threat researchers observed attacks on MOVEit servers using a zero day vulnerability that facilitated data exfiltration. MOVEit Transfer is a managed file transfer software that supports the exchange of files and data. This vulnerability allows an attacker to gain access to the database and possibly infer information about the structure and contents of the database.

Read Post

Centripetal

Read more about CleanINTERNET Protects Customers from MOVEit Vulnerability

Cato Protects Against MOVEit vulnerability (CVE-2023-34362)

Jun 12, 2023 By Matan Mittelman In Cato Networks

A new critical vulnerability (CVE-2023-34362) has been published by Progress Software in its file transfer application, MOVEit Transfer. A SQL Injection vulnerability was discovered in MOVEit enabling unauthenticated access to MOVEit’s Transfer database.

Read Post

Cato Networks

Read more about Cato Protects Against MOVEit vulnerability (CVE-2023-34362)

New Vulnerabilities Similar to CVE-2023-34362 Identified in MOVEit Transfer and MOVEit Cloud

Jun 12, 2023 By Steven Campbell In Arctic Wolf

On June 9, 2023, Progress released a security advisory detailing newly discovered SQL injection vulnerabilities impacting the MOVEit Transfer web application and Cloud. The vulnerabilities are distinct from CVE-2023-34362, which was actively exploited by Clop Ransomware to exfiltrate data and extort compromised organizations. Although distinct, the vulnerabilities result in nearly identical unauthorized access where threat actors could modify or disclose MOVEit database content.

Read Post

Arctic Wolf

Read more about New Vulnerabilities Similar to CVE-2023-34362 Identified in MOVEit Transfer and MOVEit Cloud

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

What is a QR Code? Its Usage, Vulnerability, Advantages, and Comeback Story - Part 1

Mass Exploitation of MOVEit Transfer Critical Vulnerability - Recommended Mitigations and How Forescout Can Help

Shielding Against the Most Recent Fortinet Vulnerability

Benefits of Using a Penetration Testing Dashboard For Your Security Testing Needs

Spear Phishing Attacks: Understanding and Mitigating the Risk

Snyk integrates with Amazon EventBridge to enable secure AppDev at scale

Hundreds of Companies Using the MOVEit File Service Lose Confidential Data to a Ransomware Attack

CleanINTERNET Protects Customers from MOVEit Vulnerability

Cato Protects Against MOVEit vulnerability (CVE-2023-34362)

New Vulnerabilities Similar to CVE-2023-34362 Identified in MOVEit Transfer and MOVEit Cloud

Monthly Archive

Follow Us