Progress Software discovered a new MOVEit Transfer vulnerability, the company said in an advisory Thursday, marking the third since Progress disclosed a zero day associated with its managed file transfer services on May 31. The first vulnerability, CVE-2023-34362, was followed by a second, CVE-2023-35036, last week. Progress is encouraging all MOVEit Transfer customers to take immediate steps to address the new privilege escalation vulnerability. READ MORE...
The Department of Energy and several other federal agencies were compromised in a Russian cyber-extortion gang's global hack of a file-transfer program popular with corporations and governments, but the impact was not expected to be great, Homeland Security officials said Thursday. But for others among what could be hundreds of victims from industry to higher education - including patrons of at least two state motor vehicle agencies - the hack was beginning to show some serious impacts. READ MORE...
As part of a massive ongoing cyberattack that exploits flaws in MOVEit file transfer software, the personal data of millions of US citizens, including those residing in Louisiana and Oregon, have been exposed to criminal organizations, according to CNN. In the wider attack, hackers targeted government agencies as well as multiple global organizations, causing a breach that extends beyond US boundaries. READ MORE...
The Microsoft 365 and Azure Portal outages users expirienced this month were caused by Layer 7 DDoS attacks, Microsoft has confirmed on Friday. Throughout the first half June 2023 Microsoft confirmed, at various times, ongoing issues with its cloud-based services - Microsoft 365 (including Outlook on the web and OneDrive) and Azure Portal - but did not say at the time that they were caused by an increase in traffic. READ MORE...
During the month of May, an unknown threat group created a malicious GitHub repository that claimed to contain a zero-day exploit for a vulnerability in the Signal messaging app. The attackers supported the credibility of the exploit by creating a fake security company - High Sierra Cyber Security - linked to a number of made-up profiles of security researchers. READ MORE...
A new information-stealing malware named 'Mystic Stealer,' has been promoted on hacking forums and darknet markets since April 2023, quickly gaining traction in the cybercrime community. The malware, rented for $150/month, targets 40 web browsers, 70 browser extensions, 21 cryptocurrency applications, 9 MFA and password management applications, 55 cryptocurrency browser extensions, Steam and Telegram credentials, and more. READ MORE...