Cuba ransomware group exploits Veeam to hit critical infrastructure

The threat actor also used malicious tools from previous campaigns, according to BlackBerry research.

By Matt Kapko • Aug. 21, 2023

White House wants input on open source security, memory-safe languages

Federal agencies put out a request for information Thursday, building on Biden administration priorities to help secure open source post-Log4j.

By David Jones • Aug. 11, 2023

Inside the most-commonly exploited CVEs of 2022

Delayed patching and unmet secure-by-design principles are aggravating the risk of compromise, the Five Eyes warned Thursday.

By Matt Kapko • Aug. 4, 2023

Tenable CEO calls out Microsoft delay on months-old Azure vulnerability

Microsoft has been dragging its feet to fully resolve the issue more than four months after it was discovered, CEO Amit Yoran said.

By David Jones • Aug. 3, 2023

Businesses improved cyber incident response times following Log4j, report finds

An Immersive Labs study showed security teams improved response times during attacks, but post-incident recovery still lagged.

By David Jones • Aug. 2, 2023

Valid account credentials are behind most cyber intrusions, CISA finds

The success rate of these techniques underscores the staying power of the most common methods threat actors use to gain initial access to targeted systems.

By Matt Kapko • July 28, 2023

Rockwell Automation, Honeywell warned of critical vulnerabilities in industrial products

Authorities and researchers warn that attackers could exploit the vulnerabilities for remote takeover and potentially destructive activity.

By David Jones • July 14, 2023

MOVEit mass exploit timeline: How the file-transfer service attacks entangled victims

The slow-moving disaster has ensnared some of the world's largest enterprises. Cybersecurity experts expect further damage to come.

By Matt Kapko • July 14, 2023

RomCom uses Word documents in new phishing campaign, Microsoft warns

The hackers are known to use trojanized versions of legitimate software from Adobe, SolarWinds, KeePass and others.

By David Jones • July 12, 2023

Hackers using TrueBot malware for phishing attacks in US, Canada, officials warn

Threat actors have been leveraging a known vulnerability in Netwrix Auditor to exfiltrate data from targeted entities since May.

By David Jones • July 7, 2023

Most Fortinet FortiGate firewalls remain vulnerable to critical CVE

Threat actors could exploit the remote code execution vulnerability, disclosed June 12, to initiate data breaches, ransomware attacks and other damages.

By Matt Kapko • July 6, 2023

MOVEit vulnerability snags almost 200 victims, more expected

The education sector has been hit particularly hard as many widely used vendors in the space confirm impacts linked to the mass exploited vulnerability.

By Matt Kapko • July 5, 2023

MOVEit vulnerability ensnares more victims

Some organizations have been impacted due to their direct use of MOVEit while others have been exposed by third-party vendors.

By Matt Kapko • June 27, 2023

Big names disclose MOVEit-related breaches, including PwC, EY and Genworth Financial

More than 100 organizations have been hit as part of the MOVEit attack campaign, including PBI Research Services, which exposed millions of customer data files to theft. 

By David Jones • June 23, 2023

Progress Software faces federal class action lawsuits as MOVEit breach exposure widens

Louisiana residents allege their personal financial information was put at risk after the state's motor vehicles department had data exposed in the MOVEit data breach. 

By David Jones • June 21, 2023

US puts $10M bounty on Clop as federal agencies confirm data compromises

Additional private sector companies have disclosed attacks after multiple vulnerabilities were found in MOVEit Transfer software.

By David Jones • June 20, 2023

Another MOVEit vulnerability found, as state and federal agencies reveal breaches

The third vulnerability since Progress Software first disclosed a MOVEit Transfer zero day arrived just as CISA officials said a “small number” of federal agencies were impacted. 

By Naomi Eide • June 16, 2023

Clop names a dozen MOVEit victims, but holds back details

As its deadline expired, the ransomware group released the first batch of victim organizations, most of which were U.S.-based, ReliaQuest found.

By Naomi Eide • June 15, 2023

Barracuda ESG devices actively exploited in broad, ongoing espionage campaign

The campaign is the broadest by a China-nexus actor since the mass exploitation of Microsoft Exchange in 2021, Mandiant researchers said.

By David Jones • Updated June 15, 2023

MOVEit customers on high alert as Clop’s deadline expires

As more compromised organizations come forward, one risk analysis firm is pushing the timeline for the vulnerability back years.

By Matt Kapko • June 14, 2023

Fortinet urges firmware upgrades after critical vulnerability at risk of malicious attacks

The warning comes just weeks after the company was linked to the Volt Typhoon campaign against U.S. critical infrastructure targets.

By David Jones • June 13, 2023

Barracuda urges customers to replace compromised ESG appliances immediately

The retirement of all compromised ESG appliances is akin to an admission the company could not remove threat actor access and recover the devices for customers.

By Matt Kapko • June 9, 2023

Clop claims hundreds of MOVEit vulnerability victims

The prolific threat actor is responsible for two of the three high-profile, actively exploited vulnerabilities in file-transfer services so far this year.

By Matt Kapko • June 8, 2023

What we know about the MOVEit vulnerabilities and compromises

Active exploits already resulted in a follow-on attack that’s impacted multiple organizations. Threat hunters are on guard and anticipate more victims.

By Matt Kapko • Updated June 12, 2023

Worries mount for MOVEit vulnerability, as likelihood of compromise expands

MOVEit has customers across highly regulated industries, exemplifying the potential damage among government, finance and healthcare organizations.

By Matt Kapko • June 5, 2023