Another MOVEit vulnerability found, as state and federal agencies reveal breaches
Progress Software discovered a new MOVEit Transfer vulnerability, the company said in an advisory Thursday, marking the third since Progress disclosed a zero day associated with its managed file transfer services on May 31. The first vulnerability, CVE-2023-34362, was followed by a second, CVE-2023-35036, last week. Progress is encouraging all MOVEit Transfer customers to take immediate steps to address the new privilege escalation vulnerability. READ MORE...
A Russian Ransomware Gang Breaches the Energy Department and Other Federal Agencies
The Department of Energy and several other federal agencies were compromised in a Russian cyber-extortion gang's global hack of a file-transfer program popular with corporations and governments, but the impact was not expected to be great, Homeland Security officials said Thursday. But for others among what could be hundreds of victims from industry to higher education - including patrons of at least two state motor vehicle agencies - the hack was beginning to show some serious impacts. READ MORE...
Millions of Americans' personal DMV data exposed in massive MOVEit hack
As part of a massive ongoing cyberattack that exploits flaws in MOVEit file transfer software, the personal data of millions of US citizens, including those residing in Louisiana and Oregon, have been exposed to criminal organizations, according to CNN. In the wider attack, hackers targeted government agencies as well as multiple global organizations, causing a breach that extends beyond US boundaries. READ MORE...
Microsoft confirms DDoS attacks against M365, Azure Portal
The Microsoft 365 and Azure Portal outages users expirienced this month were caused by Layer 7 DDoS attacks, Microsoft has confirmed on Friday. Throughout the first half June 2023 Microsoft confirmed, at various times, ongoing issues with its cloud-based services - Microsoft 365 (including Outlook on the web and OneDrive) and Azure Portal - but did not say at the time that they were caused by an increase in traffic. READ MORE...
Attackers Create Synthetic Security Researchers to Steal IP
During the month of May, an unknown threat group created a malicious GitHub repository that claimed to contain a zero-day exploit for a vulnerability in the Signal messaging app. The attackers supported the credibility of the exploit by creating a fake security company - High Sierra Cyber Security - linked to a number of made-up profiles of security researchers. READ MORE...
New Mystic Stealer malware increasingly used in attacks
A new information-stealing malware named 'Mystic Stealer,' has been promoted on hacking forums and darknet markets since April 2023, quickly gaining traction in the cybercrime community. The malware, rented for $150/month, targets 40 web browsers, 70 browser extensions, 21 cryptocurrency applications, 9 MFA and password management applications, 55 cryptocurrency browser extensions, Steam and Telegram credentials, and more. READ MORE...
- ...in 1865, Union Major General Gordon Granger proclaims the end of slavery in Texas, two years after the Emancipation Proclamation. This is celebrated today as Juneteenth.
- ...in 1910, the first Father's Day is celebrated in Spokane, Washington.
- ...in 1949, the first ever NASCAR race is held at Charlotte Motor Speedway.
- ...in 1978, Jim Davis's "Garfield", the world's most widely syndicated comic strip, makes its debut.
