Vulnerability: Page 19


  • CFOs play a key role in advocating for preventative cybersecurity actions that help reduce the cost of cyber risks.
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    Rockwell Automation, Honeywell warned of critical vulnerabilities in industrial products

    Authorities and researchers warn that attackers could exploit the vulnerabilities for remote takeover and potentially destructive activity.

    By July 14, 2023
  • 3D digital circular dynamic wave.
    Image attribution tooltip
    Getty Images
    Image attribution tooltip
    Deep Dive

    MOVEit mass exploit timeline: How the file-transfer service attacks entangled victims

    The slow-moving disaster has ensnared some of the world's largest enterprises. Cybersecurity experts expect further damage to come.

    By July 14, 2023
  • Image attribution tooltip
    Anastasia Vlasova via Getty Images
    Image attribution tooltip

    RomCom uses Word documents in new phishing campaign, Microsoft warns

    The hackers are known to use trojanized versions of legitimate software from Adobe, SolarWinds, KeePass and others.

    By July 12, 2023
  • Illustrated man with fishing hook stealing key
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    Hackers using TrueBot malware for phishing attacks in US, Canada, officials warn

    Threat actors have been leveraging a known vulnerability in Netwrix Auditor to exfiltrate data from targeted entities since May.

    By July 7, 2023
  • Close-up Focus on Person's Hands Typing on the Desktop Computer Keyboard. Screens Show Coding Language User Interface.
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    Most Fortinet FortiGate firewalls remain vulnerable to critical CVE

    Threat actors could exploit the remote code execution vulnerability, disclosed June 12, to initiate data breaches, ransomware attacks and other damages.

    By July 6, 2023
  • Rendered image depicting global networks.
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    MOVEit vulnerability snags almost 200 victims, more expected

    The education sector has been hit particularly hard as many widely used vendors in the space confirm impacts linked to the mass exploited vulnerability.

    By July 5, 2023
  • Smiling businesswoman in headphones taking notes, working with laptop and talking smartphone, blue glowing information protection icons. Padlock, cloud and digital interface. Cyber security concept - stock photo
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    MOVEit vulnerability ensnares more victims

    Some organizations have been impacted due to their direct use of MOVEit while others have been exposed by third-party vendors.

    By June 27, 2023
  • PwC logo outside of London, England
    Image attribution tooltip
    Jack Taylor via Getty Images
    Image attribution tooltip

    Big names disclose MOVEit-related breaches, including PwC, EY and Genworth Financial

    More than 100 organizations have been hit as part of the MOVEit attack campaign, including PBI Research Services, which exposed millions of customer data files to theft. 

    By June 23, 2023
  • Gavel sitting on paper saying class action suit
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    Progress Software faces federal class action lawsuits as MOVEit breach exposure widens

    Louisiana residents allege their personal financial information was put at risk after the state's motor vehicles department had data exposed in the MOVEit data breach. 

    By June 21, 2023
  • An aerial view of Washington, D.C. that includes the Washington Monument.
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    US puts $10M bounty on Clop as federal agencies confirm data compromises

    Additional private sector companies have disclosed attacks after multiple vulnerabilities were found in MOVEit Transfer software.

    By June 20, 2023
  • The U.S. Capitol Building at night with lightning in the background.
    Image attribution tooltip
    Naomi Eide/Cybersecurity Dive
    Image attribution tooltip

    Another MOVEit vulnerability found, as state and federal agencies reveal breaches

    The third vulnerability since Progress Software first disclosed a MOVEit Transfer zero day arrived just as CISA officials said a “small number” of federal agencies were impacted. 

    By Naomi Eide • June 16, 2023
  • The red lock and its structure explode in a digital computer setting.
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    Clop names a dozen MOVEit victims, but holds back details

    As its deadline expired, the ransomware group released the first batch of victim organizations, most of which were U.S.-based, ReliaQuest found.

    By Naomi Eide • June 15, 2023
  • Swarm of barracuda
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    Barracuda ESG devices actively exploited in broad, ongoing espionage campaign

    The campaign is the broadest by a China-nexus actor since the mass exploitation of Microsoft Exchange in 2021, Mandiant researchers said.

    By Updated June 15, 2023
  • Ransomware virus has encrypted data. Attacker is offering key to unlock encrypted data for money.
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    MOVEit customers on high alert as Clop’s deadline expires

    As more compromised organizations come forward, one risk analysis firm is pushing the timeline for the vulnerability back years.

    By June 14, 2023
  • Military Surveillance Officer Working on a City Tracking Operation in a Central Office Hub for Cyber Control and Monitoring for Managing National Security, Technology and Army Communications.
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    Fortinet urges firmware upgrades after critical vulnerability at risk of malicious attacks

    The warning comes just weeks after the company was linked to the Volt Typhoon campaign against U.S. critical infrastructure targets.

    By June 13, 2023
  • a swarm of barracudas
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    Barracuda urges customers to replace compromised ESG appliances immediately

    The retirement of all compromised ESG appliances is akin to an admission the company could not remove threat actor access and recover the devices for customers.

    By June 9, 2023
  • exclamation point depicted hovering above network infrastructure
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    Clop claims hundreds of MOVEit vulnerability victims

    The prolific threat actor is responsible for two of the three high-profile, actively exploited vulnerabilities in file-transfer services so far this year.

    By June 8, 2023
  • Digital technology vector background depicting a cyberattack.
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    What we know about the MOVEit vulnerabilities and compromises

    Active exploits already resulted in a follow-on attack that’s impacted multiple organizations. Threat hunters are on guard and anticipate more victims.

    By Updated June 12, 2023
  • Rendered image depicting global networks.
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    Worries mount for MOVEit vulnerability, as likelihood of compromise expands

    MOVEit has customers across highly regulated industries, exemplifying the potential damage among government, finance and healthcare organizations.

    By June 5, 2023
  • Exclamation mark depicted over code.
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    MOVEit zero-day vulnerability under active exploit, data already stolen

    Mandiant found evidence of attacks over Memorial Day weekend and said it’s possible earlier instances of exploitation may still be uncovered.

    By June 1, 2023
  • Swarm of barracuda
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    Barracuda zero-day vulnerability exploited for 7 months before detection

    The latest disclosure increases the potential for widespread compromise for customers using the security vendor’s email security gateway appliances.

    By May 31, 2023
  • Gas turbine electric power plant in blue hour.
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    Moody’s cites credit risk from state-backed cyber intrusions into US critical infrastructure

    Key sectors could face short-term revenue impacts and long-term reputational harm and litigation risk, the credit ratings service said.

    By May 31, 2023
  • a swarm of barracudas
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    Barracuda patches actively exploited zero-day vulnerability in email gateways

    The security vendor declined to answer questions about how many customers were impacted and what, if any, customer data was compromised.

    By May 25, 2023
  • A password field reflected on a eye.
    Image attribution tooltip
    Leon Neal via Getty Images
    Image attribution tooltip

    KeePass master password manager at risk as users await patch

    The exploit only works if the master password is typed directly into KeePass. However, a patch won’t be available for weeks.

    By May 23, 2023
  • VMware booth at RSA Conference on April 27, 2023 in San Francisco.
    Image attribution tooltip
    Matt Kapko/Cybersecurity Dive
    Image attribution tooltip

    VMware’s ‘target-rich environment’ is growing more volatile, CrowdStrike warns

    Ransomware groups continue to target VMware because they know the virtualization infrastructure is vulnerable and lacks security tools, threat researchers said.

    By May 16, 2023