SecurityWeek
University System of Georgia Says 800,000 Impacted by MOVEit Hack
University System of Georgia says Social Security numbers and bank account numbers were compromised in the May 2023 MOVEit hack.
Infosecurity News
CrushFTP File Transfer Vulnerability Lets Attackers Download System Fi
CrushFTP is urging customers to download v11 of its file transfer platform, with attackers actively exploiting a vulnerability that allows them to download system files
The Hacker News
CL0P's Ransomware Rampage - Security Measures for 2024
CL0P ransomware emerges as a major player in the cybercrime world! From "bed bug" beginnings to a global threat, this group's aggressive tactics are r
SecurityWeek
US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities
CISA and the FBI issue a secure-by-design alert on eliminating SQL injection vulnerabilities from software.
CyberSecurity Dive
Threat groups hit enterprise software, network infrastructure hard in 2023
Recorded Future observed an approximately threefold increase in actively exploited high-risk vulnerabilities in enterprise software and network infrastructure, such as VPNs.
Security Affairs
PoC exploit for critical RCE in Fortra FileCatalyst tool released
Fortra addressed a critical remote code execution vulnerability impacting its FileCatalyst file transfer product.
The Hacker News
Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool
Fortra patches critical flaw in FileCatalyst transfer tool. Vulnerability allows remote code execution via directory traversal.
SecurityWeek
PoC Published for Critical Fortra Code Execution Vulnerability
A critical directory traversal vulnerability in Fortra FileCatalyst Workflow could lead to remote code execution.
SC Magazine
Fortra FileCatalyst RCE bug disclosed; full PoC exploit available
First patched in August, the critical vulnerability enables unauthenticated web shell deployment.
Infosecurity News
Patched Critical Flaw Exposed JetBrains TeamCity Servers
Tracked as CVE-2024-23917, the flaw carries a CVSS rating of 9.8
Latest Hacking News
Critical Authentication Bypass Flaw Patched In GoAnywhere MFT
A severe authentication bypass security flaw riddled the GoAnywhere MFT that could allow creating rogue admin accounts. While the developers patched the vulnerability already, researchers could still develop a working exploit for it, urging users
Security Affairs
Security Affairs newsletter Round 456 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
CyberSecurity Dive
Nearly 800 GoAnywhere instances are unpatched, exposed to critical CVE
Although patching lags, the number of hosts with publicly exposed and vulnerable admin interfaces are limited.
SC Magazine
Fortra GoAnywhere MFT software exploited, but not 'actively exploited'
Fortra recommends security teams patch critical CVE immediately. Security pros say hackers with even moderate skills can exploit bug.
DarkReading
Fortra Discloses Critical Auth Bypass Vuln in GoAnywhere MFT
PoC exploit code for flaw is publicly available, heightening breach risks for users of the managed file transfer technology.
Security Affairs
Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204
Researchers released PoC exploit code for a recently disclosed critical authentication bypass flaw in Fortra's GoAnywhere MFT.
SecurityWeek
PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability
PoC code exploiting a critical Fortra GoAnywhere MFT vulnerability gets published one day after public disclosure.
Cyber Security News
Exploit Released for Critical GoAnywhere MFT Auth Bypass : Patch Now
Fortra-owned GoAnywhere MFT (Managed File Transfer) has been discovered with a new vulnerability that could allow an threat actor.
CyberSecurity Dive
GoAnywhere MFT customers confront yet another critical file-transfer CVE
File-transfer services, including GoAnywhere, were widely exploited by ransomware threat groups in 2023.
Infosecurity News
Exploit Code Released For Critical Fortra GoAnywhere Bug
Researchers have released exploit code for a critical bug in managed file transfer software Fortra GoAnywhere
The Hacker News
Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin
GoAnywhere users, listen up! Critical bug (CVE-2024-0204) lets anyone become admin. Update to 7.4.1 immediately.
SC Magazine
Fortra blasted over slow response to critical GoAnywhere file transfer bug
With a PoC for exploiting the file sharing software already available, users are urged to patch immediately.
Bleeping Computer
Exploit released for Fortra GoAnywhere MFT auth bypass bug
Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT (Managed File Transfer) software that allows attackers to create new admin users on unpatched instances via the administration portal.
Security Affairs
Aatch out, a new critical flaw affects Fortra GoAnywhere MFT
Fortra addressed a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) product
Bleeping Computer
Fortra warns of new critical GoAnywhere MFT auth bypass, patch now
Fortra is warning of a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) versions before 7.4.1 that allows an attacker to create a new admin user.
Security Affairs
Merck settles with insurers regarding a $1.4 billion claim
Merck has resolved a dispute with insurers regarding a $1.4 billion claim arising from the NotPetya malware incident
Bleeping Computer
The biggest cybersecurity and cyberattack stories of 2023
2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities.
Infosecurity News
2023 Cyber Threats: 26,000+ Vulnerabilities, 97 Beyond CISA List
The Qualys report also showed over 7000 vulnerabilities had proof-of-concept exploit code
Ars Technica
ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation
Easy-to-exploit flaw can give hackers passwords and cryptographic keys to vulnerable servers.
Bleeping Computer
Exploit for CrushFTP RCE chain released, patch now
A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords.
Cyber Security News
MOVEit Hackers Turn to SysAid Servers Zero-Day Vulnerability
SysAid disclosed a zero-day which was affecting on-premises SysAid servers. The vulnerability was found to be a path traversal vulnerability.
Bleeping Computer
Microsoft: SysAid zero-day flaw exploited in Clop ransomware attacks
Threat actors are exploiting a zero-day vulnerability in the service management software SysAid to gain access to corporate servers for data theft and to deploy Clop ransomware.
Cyber Security News
Titan File Transfer Server Flaws Let Attackers Execute Remote Code
Multiple vulnerabilities have been discovered in Titan MFT and Titan SFTP servers owned by South River Technologies.
The Hacker News
Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers
Milesight's industrial routers risk unauthorized web interface access, while Titan MFT and Titan SFTP servers face remote
The Hacker News
Ransomware attacks doubled year on year. Are organizations equipped to handle the evolution of Ransomware in 2023?
Ransomware attacks have evolved in Q3-2023, employing new techniques to bypass defenses. Discover the strategies ransomware groups have been adopting.
SecurityWeek
SEC Investigating Progress Software Over MOVEit Hack
Progress Software confirms the SEC has launched its own investigation into costly ransomware zero-days in the MOVEit file transfer software.
SecurityWeek
Sony Confirms Data Stolen in Two Recent Hacker Attacks
Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups.
Bleeping Computer
Progress warns of maximum severity WS_FTP Server vulnerability
Progress, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS_FTP Server software.
Bleeping Computer
National Student Clearinghouse data breach impacts 890 schools
U.S. educational nonprofit National Student Clearinghouse has disclosed a data breach affecting 890 schools using its services across the United States.
Infosecurity News
MGM Criticized for Repeated Security Failures
The malware researchers' collective Vx-underground claimed that ALPHV/BlackCat was behind the attack against the casino giant
SecurityWeek
Nearly 1,000 Organizations, 60 Million Individuals Impacted by MOVEit Hack
Nearly 1,000 organizations and 60 million individuals are impacted by the MOVEit hack, and the Cl0p ransomware gang is leaking stolen data.
DarkReading
Ransomware Reaches New Heights
It's not going anywhere: Easy-to-exploit bugs like MOVEit, leaks of stolen data, and rapid-fire escalation are keeping ransomware attacks as painful as ever.
The Hacker News
CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks
Citrix ShareFile under attack! Learn about ongoing exploitation of CVE-2023-24489 and how to defend your systems.
Bleeping Computer
CISA warns of critical Citrix ShareFile flaw exploited in the wild
CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and has added the flaw to its catalog of known security flaws exploited in the wild.
SecurityWeek
Colorado Health Agency Says 4 Million Impacted by MOVEit Hack
Colorado’s health programs administrator says the personal information of 4 million individuals was compromised in the recent MOVEit hack.
Bleeping Computer
The Week in Ransomware - August 4th 2023 - Targeting VMware ESXi
Ransomware gangs continue to prioritize targeting VMware ESXi servers, with almost every active ransomware gang creating custom Linux encryptors for this purpose.
Bleeping Computer
US govt contractor Serco discloses data breach after MoveIT attacks
Serco Inc, the Americas division of multinational outsourcing company Serco Group, has disclosed a data breach after attackers stole the personal information of over 10,000 individuals from a third-party vendor's MoveIT managed file transfer (MFT) server.
SecurityWeek
Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus
Maximus Inc says that the personal information of 8 to 11 million individuals was stolen in the MOVEit cyberattack.
CyberSecurity Dive
Hackers using TrueBot malware for phishing attacks in US, Canada, officials warn
Threat actors have been leveraging a known vulnerability in Netwrix Auditor to exfiltrate data from targeted entities since May.
SecurityWeek
Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data
Shell confirms that employee personal information has been stolen after the Cl0p ransomware group leaked data
DarkReading
C10p's MOVEit Campaign Represents a New Era in Cyberattacks
The ransomware group shows an evolution of its tactics with MOVEit zero day — potentially ushering in a new normal when it comes to extortion supply chain cyberattacks, experts say.
CSO
Botnets responsible for over 95% malicious web traffic globally: Report
For the research, Trustwave implemented a network of honeypots located in multiple countries including Russia, Ukraine, Poland, the UK, China, and the United States.
Bleeping Computer
Hundreds of devices found violating new CISA federal agency directive
Censys researchers have discovered hundreds of Internet-exposed devices on the networks of U.S. federal agencies that have to be secured according to a recently issued CISA Binding Operational Directive.
Security Affairs
Experts found hundreds of devices within federal networks having internet-exposed management interfaces
Researchers at Censys have identified hundreds of devices deployed within federal networks that have internet-exposed management interfaces. Researchers at Censys have analyzed the attack surfaces of more than 50 Federal Civilian Executive Branch (FCEB) organizations and sub-organizations and discovered more than 13,000 distinct hosts across 100 autonomous systems. The experts focused on roughly 1,300 of […]
Bleeping Computer
Hackers steal data of 45,000 New York City students in MOVEit breach
The New York City Department of Education (NYC DOE) says hackers stole documents containing the sensitive personal information of up to 45,000 students from its MOVEit Transfer server.
DarkReading
Fresh Ransomware Gangs Emerge As Market Leaders Decline
The ransomware landscape is energized with the emergence of smaller groups and new tactics, while established gangs like LockBit see fewer victims.
Cyber Security News
U.S. Govt offers $10 Million Bounty on Info About Cl0p Ransomware Gang
Recently, the US govt offers a $10 million bounty on Info About Cl0p ransomware gang exploiting the MOVEit transfer application.
The Hacker News
Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack
🚨 Alert: Progress Software has disclosed a 3rd critical flaw in MOVEit Transfer app—an SQL injection—allowing unauthorized access.
Bleeping Computer
MOVEit Transfer customers warned of new flaw as PoC info surfaces
Progress warned MOVEit Transfer customers to restrict all HTTP access to their environments after info on a new SQL injection (SQLi) vulnerability was shared online today.
Bleeping Computer
Clop ransomware gang starts extorting MOVEit data-theft victims
The Clop ransomware gang has started extorting companies impacted by the MOVEit data theft attacks by listing them on a data leak site, a common extortion tactic used as a precursor for the public leaking of stolen data.
DataBreaches
State governments among victims of MoveIT Transfer breach
Alexander Culafi reports: Illinois, Minnesota and Missouri state governments are among a growing list of organizations attacked via a critical flaw in Progress...
The Hacker News
LockBit Ransomware Extorts $91 Million from U.S. Companies
LockBit ransomware scheme extorts $91 million from U.S. organizations in a series of devastating attacks since 2020.
Security Affairs
Experts released PoC exploit for MOVEit Transfer CVE-2023-34362 flaw
Security firm Horizon3 released proof-of-concept (PoC) exploit code for the remote code execution (RCE) flaw CVE-2023-34362 in the MOVEit Transfer MFT. MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads. The vulnerability is a SQL injection vulnerability, it can be exploited by […]
Security Affairs
Intellihartx data breach exposed the personal and health info of 490,000 individuals
Intellihartx is notifying about 490,000 individuals that their personal information was compromised in the GoAnywhere zero-day attack in January. The Clop ransomware group has stolen stole personal and health information of 489,830 individuals as a result of a ransomware attack on the technology firm Intellihartx. The attack took place earlier this year, the attackers have […]
Bleeping Computer
Exploit released for MOVEit RCE bug used in data theft attacks
Horizon3 security researchers have released proof-of-concept (PoC) exploit code for a remote code execution (RCE) bug in the MOVEit Transfer managed file transfer (MFT) solution abused by the Clop ransomware gang in data theft attacks.
The DFIR Report
A Truly Graceful Wipe Out - The DFIR Report
In this intrusion, dated May 2023, we observed Truebot being used to deploy Cobalt Strike and FlawedGrace (aka GraceWire & BARBWIRE) resulting in the exfiltration of data and the deployment … Read More
Bleeping Computer
The Week in Ransomware - June 9th 2023 - It’s Clop... Again!
The week was dominated by fallout over the MOVEit Transfer data-theft attacks, with the Clop ransomware gang confirming that they were behind them.
Bleeping Computer
New MOVEit Transfer critical flaws found after security audit, patch now
Progress Software warned customers today of newly found critical SQL injection vulnerabilities in its MOVEit Transfer managed file transfer (MFT) solution that can let attackers steal information from customers' databases.
DarkReading
Cl0P Gang Sat on Exploit for MOVEit Flaw for Nearly 2 Years
Over that time, the group carried multiple tests to see if the exploit worked and to identify potential victims. It was like "turning the doorknob" to check for access, a researcher says.
Security Affairs
Clop ransomware gang was testing MOVEit Transfer bug since 2021
Researchers discovered that the Clop ransomware gang was looking for a zero-day exploit in the MOVEit Transfer since 2021. Kroll security experts discovered that the Clop ransomware gang was looking for a zero-day exploit in the MOVEit Transfer since 2021. Kroll investigated the exploitation attempts for the MOVEit Transfer vulnerability and discovered that Clop threat […]
Bleeping Computer
Clop ransomware likely testing MOVEit zero-day since 2021
The Clop ransomware gang has been looking for ways to exploit a now-patched zero-day in the MOVEit Transfer managed file transfer (MFT) solution since 2021, according to Kroll security experts.
Bleeping Computer
Clop ransomware likely exploiting MOVEit zero-day since 2021
The Clop ransomware gang has been looking for ways to exploit a now-patched zero-day in the MOVEit Transfer managed file transfer (MFT) solution since 2021, according to Kroll security experts.
The Hacker News
Clop Ransomware Gang Likely Exploiting MOVEit Transfer Vulnerability Since 2021
New research reveals the Clop ransomware group has silently exploited a critical flaw in Progress Software's MOVEit Transfer since 2021.
Security Affairs
Clop ransomware gang claims the hack of hundreds of victims exploiting MOVEit Transfer bug
Clop ransomware group claims to have hacked hundreds of companies globally by exploiting MOVEit Transfer vulnerability. The Clop ransomware group may have compromised hundreds of companies worldwide by exploiting a vulnerability in MOVEit Transfer software. MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and […]
Bleeping Computer
Clop ransomware claims responsibility for MOVEit extortion attacks
The Clop ransomware gang has told BleepingComputer they are behind the MOVEit Transfer data-theft attacks, where a zero-day vulnerability was exploited to breach multiple companies' servers and steal data.
Infosecurity News
Critical Zero-Day Flaw Exploited in MOVEit Transfer
The vulnerability (CVE-2023-34362) can grant escalated privileges and unauthorized access
Bleeping Computer
Microsoft links Clop ransomware gang to MOVEit data-theft attacks
Microsoft has linked the Clop ransomware gang to recent attacks exploiting a zero-day vulnerability in the MOVEit Transfer platform to steal data from organizations.
The Hacker News
Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App
Microsoft reveals critical flaw exploit in Progress Software MOVEit Transfer app, linking it to notorious threat actor Lace Tempest.
Bleeping Computer
CISA orders govt agencies to patch MOVEit bug used for data theft
CISA has added an actively exploited security bug in the Progress MOVEit Transfer managed file transfer (MFT) solution to its list of known exploited vulnerabilities, warning U.S. federal agencies to patch their systems by June 23.
Bleeping Computer
The Week in Ransomware - June 2nd 2023 - Whodunit?
It has been a fairly quiet week regarding ransomware, with only a few reports released and no new significant attacks. However, we may have a rebrand in the making, and a ransomware operation is likely behind a new zero-day data-theft campaign, so we have some news to talk about.
The Hacker News
MOVEit Transfer Under Attack: Zero-Day Vulnerability Actively Being Exploited
A critical flaw in Progress Software's MOVEit Transfer file transfer app is being exploited in the wild!
Bleeping Computer
New MOVEit Transfer zero-day mass-exploited in data theft attacks
Hackers are actively exploiting a zero-day vulnerability in the MOVEit Transfer file transfer software to steal data from organizations.
Bleeping Computer
The Week in Ransomware - May 5th 2023 - Targeting the public sector
This week's ransomware news has been dominated by a Royal ransomware attack on the City of Dallas that took down part of the IT infrastructure.
Infosecurity News
Dallas Police Department Compromised in Ransomware Attack
The attack took down essential services, including some 911 dispatch systems
Infosecurity News
Brightline Hack Exposes Data of Over 780,000 Child Mental Health Patients
Brightline said the breach was due to a zero-day flaw in Fortra GoAnywhere MFT
Bleeping Computer
Brightline data breach impacts 783K pediatric mental health patients
Pediatric mental health provider Brightline is warning patients that it suffered a data breach impacting 783,606 people after a ransomware gang stole data using a zero-day vulnerability in its Fortra GoAnywhere MFT secure file-sharing platform.
The Hacker News
Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware
Microsoft has confirmed that hackers linked to Cl0p and LockBit ransomware families are actively exploiting PaperCut servers.
Bleeping Computer
Microsoft: Clop and LockBit ransomware behind PaperCut server hacks
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data.
Bleeping Computer
Clop, LockBit ransomware gangs behind PaperCut server attacks
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data.
Bleeping Computer
The Week in Ransomware - April 21st 2023 - Macs in the Crosshairs
A lot of news broke this week related to ransomware, with the discovery of LockBit testing macOS encryptors to an outage on NCR, causing massive headaches for restaurants.
The Hacker News
Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks
Fortra sheds light on zero-day remote code execution (RCE) vulnerability (CVE-2023-0669) in its GoAnywhere MFT tool, actively exploited by ransomware.
Bleeping Computer
Fortra shares findings on GoAnywhere MFT zero-day attacks
Fortra has completed its investigation into the exploitation of CVE-2023-0669, a zero-day flaw in the GoAnywhere MFT solution that the Clop ransomware gang exploited to steal data from over a hundred companies.
Bleeping Computer
March 2023 broke ransomware attack records with 459 incidents
March 2023 was the most prolific month recorded by cybersecurity analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022.
DataBreaches
Hackers leak 16,000 Tas documents on dark web
The Fortra/GoAnywhere incident also affected Tasmanian school children. Emily Woods reports: Hackers have released 16,000 Tasmanian education department...
Security Affairs
Australia’s Casino Giant Crown Resorts disclosed data breach after Clop ransomware attack
Australia’s gambling and entertainment giant Crown Resorts, disclosed a data breach caused by the exploitation of recently discovered GoAnywhere zero-day. Australian casino giant Crown Resorts disclosed a data breach after the attack of the Cl0p ransomware group. The group claims to have stolen sensitive data from over 130 organizations by exploiting a zero-day vulnerability (CVE-2023-0669) […]
Infosecurity News
Clop Ransomware Group Exploits GoAnywhere MFT Flaw
The vulnerability has a CVSS score of 7.2 and was exploited against several companies in the US
DarkReading
Clop Keeps Racking Up Ransomware Victims With GoAnywhere Flaw
After several weeks and more than 130 ransomware victims, GoAnywhere parent company Forta issues a statement.
Bleeping Computer
The Week in Ransomware - March 24th 2023 - Clop overload
This week's news has been dominated by the Clop ransomware gang extorting companies whose GoAnywhere services were breached using a zero-day vulnerability.
Security Affairs
City of Toronto is one of the victims hacked by Clop gang using GoAnywhere zero-day
Clop ransomware gang added the City of Toronto to the list of its victims, it is another organization compromised by exploiting GoAnywhere zero-day. Clop ransomware gang added the City of Toronto to the list of victims published on its Tor leak site. The City was targeted as part of a campaign exploiting the recently disclosed zero-day vulnerability in […]
Security Affairs
City of Toronto is one of the victims hacked by Clop gang using GoAnywhere zero-day
Clop ransomware gang added City of Toronto to the list of its victims, it is another organization compromised by exploiting GoAnywhere zero-day. Clop ransomware gang added the City of Toronto to the list of victims published on its Tor leak site. The City was targeted as part of a campaign exploiting the recently disclosed zero-day vulnerability in the […]
Loading more articles....