Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software

Klicken Sie hier, um Informationweek.com zu abonnieren

Kategorien: Dienstleistungen | Professionals Geschäftswaren Finanziell Kantoor Marketing Einzelhandel Einzelhandel Industrie Machines Alter: 14 - 18 Jahr 19 - 30 Jahr 31 - 64 Jahre

Laden...

1 jahr vor

Html
Text

In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTPS POST request.

Follow Dark Reading:

October 02, 2023

LATEST SECURITY NEWS & COMMENTARY

Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTPS POST request. DHS: Physical Security a Concern in Johnson Controls Cyberattack An internal memo cites DHS floor plans that could have been accessed in the breach. Cybersecurity Gaps Plague US State Department, GAO Report Warns The federal department that oversees the US diplomatic corps abroad suffers a serious lack of visibility into the cyber threats it faces and the security vulnerabilities it's harboring. Spyware Vendor Targets Egyptian Orgs With Rare iOS Exploit Chain The Israeli company developed highly-targeted, mobile malware that would make any APT jealous. People Still Matter in Cybersecurity Management Cybersecurity's constant stream of shiny new things shouldn't distract managers from their focus on the people they're protecting. Attacks on Azerbaijan Businesses Drop Malware via Fake Image Files Images purporting to be of the Armenia and Azerbaijan conflict were malware downloaders in disguise. (Sponsored Article) Evaluating New Partners and Vendors From an Identity Security Perspective Before working with new vendors, it's important to understand the potential risks they may pose to your digital environments. MORE NEWS / MORE COMMENTARY


HOT TOPICS
Johnson Controls International Disrupted by Major Cyberattack The company filed with the SEC and is assessing its operations and financial damages. New Cisco IOS Zero-Day Delivers a Double Punch The networking giant discloses new vulnerabilities the same day as warnings get issued that Cisco gear has been targeted in a Chinese APT attack. How the Okta Cross-Tenant Impersonation Attacks Succeeded Sophisticated attacks on MGM and Caesars underscore the reality that even robust identity and access management may not be enough to protect you. 4 Legal Surprises You May Encounter After a Cybersecurity Incident Many organizations are not prepared to respond to all the constituencies that come knocking after a breach or ransomware incident. MORE

EDITORS' CHOICE

Government Shutdown Poised to Stress Nation's Cybersecurity Supply Chain CISA announces it will furlough more than 80% of staff indefinitely if Congress can't reach an agreement to fund the federal government. LATEST FROM THE EDGE
How Can Your Security Team Help Developers Shift Left? Implementing a shift-left process in cybersecurity requires pulling together people, processes, and technology. LATEST FROM DR TECHNOLGY
A Preview of Windows 11's Passkeys Support The latest update to Windows 11 introduces support for passkeys, which provide phishing-resistant passwordless authentication. LATEST FROM DR GLOBAL
Q&A: UK Ambassador on Creating New Cybersecurity Agencies Around the World How the UK is assisting other nations in forming their own versions of a National Centre for Cybersecurity (NCSC).

WEBINARS

Fundamentals of a Cyber Risk Assessment

Executives are increasingly thinking about cyberattacks and security threats in terms of risk to their organization. It can be difficult for organizations to quantitatively measure risk, or to assess how an attack or breach would impact the business. In this ...

Using AI in Application Security Tooling

As AI continues to improve, security vendors are considering how they can use AI to protect applications. In web application and API security tooling used to protect production environments, AI/ML can be used to enhance and complement existing tactics ...

View More Dark Reading Webinars >>

WHITE PAPERS

Threat Intelligence: Data, People and Processes Global Perspectives on Threat Intelligence Crucial Considerations when Enabling Secure Industrial Digital Transformation 2023 Work-From-Anywhere Global Study The Ultimate Guide to the CISSP Rediscovering Your Identity Cybersecurity in a post pandemic world: A focus on financial services

View More White Papers >>

FEATURED REPORTS

What Ransomware Groups Look for in Enterprise Victims

Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ...

Everything You Need to Know About DNS Attacks How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment

Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ...

View More Dark Reading Reports >>

PRODUCTS & RELEASES

Radiant Logic Announces Expanded Identity Analytics and Data Management Platform Capabilities Fortinet Announces Formation of Veterans Program Advisory Council to Narrow the Cybersecurity Skills Gap With Military Veteran Talent Netscout Identified Nearly 7.9M DDOS Attacks in the First Half of 2023 Research From IANS and Artico Search Reveals Cybersecurity Budgets Increased Just 6% for 2022-2023 Cycle MORE PRODUCTS & RELEASES

CURRENT ISSUE

How to Deploy Zero Trust for Remote Workforce Security
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

Teilen auf

Laden...

Weitere Newsletter von Informationweek.com

Laden...

Andere Kategorien anzeigen

Dienstleistungen | Professionals Geschäftswaren Finanziell Kantoor Marketing Einzelhandel Einzelhandel Industrie Machines

Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software

How to Deploy Zero Trust for Remote Workforce Security

Teilen auf

Weitere Newsletter von Informationweek.com

Verwandte Newsletter

Andere Kategorien anzeigen