Vulnerability: Page 6
-
vchal via Getty Images
MOVEit customers on high alert as Clop’s deadline expires
As more compromised organizations come forward, one risk analysis firm is pushing the timeline for the vulnerability back years.
By Matt Kapko • June 14, 2023 -
gorodenkoff via Getty Images
Fortinet urges firmware upgrades after critical vulnerability at risk of malicious attacks
The warning comes just weeks after the company was linked to the Volt Typhoon campaign against U.S. critical infrastructure targets.
By David Jones • June 13, 2023 -
iStock/Getty Images Plus via Getty Images
Barracuda urges customers to replace compromised ESG appliances immediately
The retirement of all compromised ESG appliances is akin to an admission the company could not remove threat actor access and recover the devices for customers.
By Matt Kapko • June 9, 2023 -
Just_Super/Getty Images via Getty Images
Clop claims hundreds of MOVEit vulnerability victims
The prolific threat actor is responsible for two of the three high-profile, actively exploited vulnerabilities in file-transfer services so far this year.
By Matt Kapko • June 8, 2023 -
WhataWin via Getty Images
What we know about the MOVEit vulnerabilities and compromises
Active exploits already resulted in a follow-on attack that’s impacted multiple organizations. Threat hunters are on guard and anticipate more victims.
By Matt Kapko • Updated June 12, 2023 -
DKosig via Getty Images
Worries mount for MOVEit vulnerability, as likelihood of compromise expands
MOVEit has customers across highly regulated industries, exemplifying the potential damage among government, finance and healthcare organizations.
By Matt Kapko • June 5, 2023 -
WhataWin/Getty Images via Getty Images
MOVEit zero-day vulnerability under active exploit, data already stolen
Mandiant found evidence of attacks over Memorial Day weekend and said it’s possible earlier instances of exploitation may still be uncovered.
By Matt Kapko • June 1, 2023 -
armiblue/Getty Images Plus via Getty Images
Barracuda zero-day vulnerability exploited for 7 months before detection
The latest disclosure increases the potential for widespread compromise for customers using the security vendor’s email security gateway appliances.
By Matt Kapko • May 31, 2023 -
Thossaphol via Getty Images
Moody’s cites credit risk from state-backed cyber intrusions into US critical infrastructure
Key sectors could face short-term revenue impacts and long-term reputational harm and litigation risk, the credit ratings service said.
By David Jones • May 31, 2023 -
iStock/Getty Images Plus via Getty Images
Barracuda patches actively exploited zero-day vulnerability in email gateways
The security vendor declined to answer questions about how many customers were impacted and what, if any, customer data was compromised.
By Matt Kapko • May 25, 2023 -
Leon Neal via Getty Images
KeePass master password manager at risk as users await patch
The exploit only works if the master password is typed directly into KeePass. However, a patch won’t be available for weeks.
By Matt Kapko • May 23, 2023 -
Matt Kapko/Cybersecurity Dive
VMware’s ‘target-rich environment’ is growing more volatile, CrowdStrike warns
Ransomware groups continue to target VMware because they know the virtualization infrastructure is vulnerable and lacks security tools, threat researchers said.
By Matt Kapko • May 16, 2023 -
Maximusnd via Getty Images
Costs of software supply chain attacks could exceed $46B this year
Losses attributed to software supply chain attacks will jump 76%, reaching almost $81 billion by 2026, according to Juniper Research.
By Matt Kapko • May 12, 2023 -
Johnny Greig via Getty Images
PaperCut actively exploited by multiple threat actors, targeting education sector
Education is a key market for the print management software, which threat actors have targeted since mid-April.
By Matt Kapko • May 12, 2023 -
Michael M. Santiago via Getty Images via Getty Images
OpinionIs cybersecurity doing enough to prevent the next Colonial Pipeline attack?
Two years have passed since the Colonial Pipeline incident, but critical infrastructure providers aren’t doing enough to proactively mitigate attacks.
By Matthew Parsons, Brian Knudtson and Alex Reid • May 8, 2023 -
gorodenkoff via Getty Images
Most open source maintainers still consider themselves hobbyists, despite compensation pledges
A study by Tidelift shows a compensation gap for the key producers of open source applications, raising questions about how to properly secure software supply chains.
By David Jones • May 2, 2023 -
Leon Neal via Getty Images
OpenAI adds more data privacy guardrails for ChatGPT
The company is allowing users to turn off chat history and export data as it seeks to reach enterprise customers.
By Lindsey Wilkinson • April 26, 2023 -
Just_Super via Getty Images
More than 2K organizations at risk of major attacks linked to SLP vulnerability
Over 54,000 SLP-speaking instances and 670 product types are vulnerable, researchers from BitSight and Curesec found, including VMware ESXi Hypervisor.
By David Jones • April 25, 2023 -
Nico ElNino via Getty Images
Software industry leaders debate real costs and benefits of CISA security push
The global effort to promote secure by design is seen as a potential game changer for software security, but may require substantial investments and considerable cultural changes.
By David Jones • April 14, 2023 -
Permission granted by CrowdStrike
CISA to unveil secure-by-design principles this week amid push for software security
The Biden administration plans to shift responsibility for product safety to the tech industry. Stakeholder discussions are already underway.
By David Jones • April 12, 2023 -
Suebsiri via Getty Images
Palo Alto security software stung by ransomware strain
Check Point researchers say the “Rorschach” ransomware – found during an attack on a U.S. company – may be the fastest ever seen.
By David Jones • April 4, 2023 -
Tim Boyle / Staff via Getty Images
IBM file transfer service under active exploit, security researchers warn
Ransomware groups are still exploiting a vulnerability in unpatched versions of Aspera Faspex almost four months after IBM issued a patch.
By Matt Kapko • March 31, 2023 -
Techa Tungateja via Getty Images
Outlook zero-day still vulnerable to attackers with prior access, researchers find
Days after Microsoft issued a patch, researchers demonstrated that threat actors could still bypass the mitigation steps from within a network.
By David Jones • March 20, 2023 -
Just_Super via Getty Images
Zero-days fell by one-third in 2022, Mandiant says
Zero-day vulnerabilities in security, IT and network management products, which are consistently connected to the internet, claimed nearly 1 in 5 exploits.
By Matt Kapko • March 20, 2023 -
TU IS via Getty Images
Outlook zero day linked to critical infrastructure attacks
State-linked actors have targeted oil and gas, transportation and defense industries in Europe.
By David Jones • March 16, 2023
Previous
