Progress Software has reported a third vulnerability in its MOVEit Transfer application. The bug, which still awaits a CVE identifier, is an SQL injection vulnerability. The company strongly advised customers to disable all HTTP and HTTPS traffic to MOVEit Transfer on ports 80 and 443. This precautionary measure is recommended until a patch is prepared […]
The infection chain is triggered by the exploitation of vulnerable on-premises Internet Information Services (IIS) and Microsoft Exchange serves to infiltrate target networks.
The Palo Alto company said the $15 million Series A was led by U.S. Venture Partners (USVP) and Foundation Capital, two prominent investment firms betting on cybersecurity startups.
The malware, rented for $150/month, targets 40 web browsers, 70 browser extensions, 21 cryptocurrency applications, 9 MFA and password management applications, 55 cryptocurrency browser extensions, Steam and Telegram credentials, and more.
Security experts at ESET stumbled across an updated version of the Android GravityRAT spyware being distributed under the disguise of messaging applications such as BingeChat and Chatico. The BingeChat campaign is ongoing since August 2022, whereas the Chatico campaign doesn’t seem active anymore. GravityRAT can extract WhatsApp backups and receive commands for file deletion.
The US Department of Agriculture is investigating a “possible data breach” of a department contractor connected to a broader hack on multiple federal agencies that officials have blamed on Russian cybercriminals, a spokesperson told CNN.
Polish police officers of the country’s Central Bureau for Combating Cybercrime detained two suspects believed to have been involved in operating a DDoS-for-hire service (aka booter or stresser) active since at least 2013.
Due to the complexity of the hardware supply chain, encryption chips sold by the subsidiary of a company flagged in the Entity List have found their way into the storage hardware of military and intelligence networks across the West.
Cyberattacks using malicious lookalike domains, email addresses, and other types of registered identifiers are rising, domain name system (DNS) security provider Infoblox found.
A report published Wednesday by the Atlantic Council’s Cyber Statecraft Initiative asserts that the SEC’s proposed rules — requiring incident disclosure within four days — substantially differ from CIRCIA regulations.