vulnerabilities

MOVEit | Jun 16, 2023

As victim count mounts, a critical new MOVEit bug emerges - with US federal agencies compromised

new MOVEit vulnerability and federal agencies hacked

Hackers "often breach the Department’s defensive perimeter and roam freely within our information systems"

Fortinet | Jun 12, 2023

MFA is no protection against this critical new Fortinet vulnerability, CVE-2023-27997

"It is a pre-auth RCE [and] has been proven to be exploitable in a consistent manner; we found it during a Red Team engagement and have exploited it remotely..."

News | Jun 05, 2023

UPDATED: File transfer software under active attack. Banks, gov't hit as CVE, new IOCs released

Admins should urgently modify firewall rules to deny HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443. (Also, can we start fuzzing for SQL Injection properly, please?)

Security | Apr 10, 2023

Known exploited list: 15 million systems still exposed

... and probably shot to high heaven with malware.

Security | Mar 16, 2023

As CVE-2023-23397 exploits proliferate, worry mounts

Security experts are warning that a critical Microsoft Outlook exploit is trivial to deploy and “will likely be leveraged imminently by actors for espionage purposes or financial gain” – after Ukrainian cybersecurity authorities disclosed CVE-2023-23397, a critical vulnerability that requires no user interaction to exploit. As The Stack reported, the critical

Security | Mar 14, 2023

Urgent: Microsoft 365 Apps being exploited in wild via CVSS 9.8 bug