Configuration management - especially vulnerability patching - is a significant challenge for many healthcare entities, including some Veterans Affairs medical facilities. A recent watchdog agency security inspection found configuration to be a top weakness at a VA healthcare system in Arizona.
Microsoft released the largest set of patches of the year - software updates for 132 vulnerabilities, including six zero-days. Microsoft rated nine of the flaws as having critical severity, 121 as being important and eight as being linked to critical remote code execution vulnerabilities.
Apple is advising users to remove the software patch released on Monday aimed at fixing a zero-day vulnerability being exploited in the wild. The tech giant said the patch might prevent some websites from displaying properly and that it hopes to release a new patch soon.
For the third time since the discovery of the MOVEit Transfer application zero-day vulnerability, Progress Software has revealed a new critical SQL injection vulnerability that allows remote attackers to bypass authentication and execute arbitrary code.
This week, the U.S. sanctioned Russians running influence campaigns, the owner of the Monopoly darknet drug market was charged, CISA ordered federal agencies to patch flaws before July 13, Suncor Energy suffered a cyberattack and Petro-Canada gas stations were affected.
Microsoft discovered hackers targeting internet-facing Linux systems and IoT devices to steal IT resources for cryptocurrency mining operations. The campaign begins by brute-forcing target systems and devices and then uses a backdoor to deploy open-source tools such as rootkits and an IRC bot.
Apple has fixed multiple zero-days that have been actively exploited since 2019 to infect several iOS devices with a spyware implant dubbed TriangleDB via zero-click iMessage exploits. The tech giant said the vulnerabilities were actively exploited in iOS versions released before iOS 15.7.
The latest vulnerability in MOVEit's managed file transfer application could lead to escalated privileges and unauthorized access to customer environments. Progress Software said a SQL injection flaw could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database.
Chinese hackers in a state-run operation compromised hundreds of organizations through a zero-day vulnerability in a popular email security appliance, warns cyber threat intelligence firm Mandiant. Hackers used a zero-day vulnerability in Barracuda Networks Email Security Gateway appliances.
For the first time in months, Microsoft's June dump of patches doesn't include a fix for an actively exploited zero-day among its fixes for 69 vulnerabilities spread across the computing giant's portfolio of products. Among them are SharePoint, Exchange and servers that enable multicasting.
Fortinet has patched a critical vulnerability affecting FortiGate Secure Sockets Layer network VPN devices that allow remote network access. French security firm Olympe uncovered the vulnerability and said the flaw can be exploited without credentials and can bypass multifactor authentication.
The company behind the MOVEit managed file transfer application is urging customers into a new round of emergency patching after identifying additional vulnerabilities. "These newly discovered vulnerabilities are distinct from the previously reported vulnerability," said Progress Software.
Hackers stole personal information of up to 100,000 employees of Nova Scotia Health by exploiting the zero-day in Progress Software's MOVEit managed file transfer application. The software is widely used in the healthcare sector, warned the U.S. federal government.
This week: Barracuda Networks recalls hacked email security appliances, the latest on MOVEit, and a Gigabyte motherboard firmware security vulnerability is exposed. Also, researchers detail a patched flaw in the Microsoft Visual Studio extension installer, and ransomware hits across the globe.
The Clop ransomware-as-a-service gang said it is behind a spate of hacks taking advantage of a vulnerability in Progress Software's MOVEit managed file transfer application. "We download alot of your data as part of exceptional exploit," the gang says in a misspelled post on its dark web leak site.