Search Results: cybersecurity

Patch FortiGate SSL-VPN Devices Immediately

Fortinet is urging organizations to apply a patch to fix a critical vulnerability in its FortiGate SSL-VPN devices.

June 13, 2023 Zachary Comeau Leave a Comment

Cybersecurity firm Fortinet is warning organizations of a critical vulnerability in its FortiGate SSL-VPN devices, continuing a string of recent exploitations of vulnerabilities in similar devices due to their internet-facing nature and access to a victim’s network. The vulnerability–tracked as CVE-2023-27997–is a heap-based overflow flaw that could allow a remote attacker to execute arbitrary code […]

Barracuda: Replace Compromised ESG Appliances Immediately

Barracuda Networks is urging organizations with Email Security Gateway appliances impacted by a remote command injection bug to replace them.

June 12, 2023 Zachary Comeau Leave a Comment

[Editor’s Note: This article has been updated to reflect Barracuda Networks’ official statement.] Barracuda Networks is urging organizations with Email Security Gateway appliances impacted by a remote command injection bug in the devices to replace them, even if they were patched. The company’s recommendation comes after Barracuda was first alerted to anomalous traffic coming from […]

Email Attacks are Evading Security Protections. Here’s How Security Teams Should Respond.

IT, security teams and end users should take these actions to combat increasingly sophisticated email threats.

June 6, 2023 Trevor Collins Leave a Comment

Instances of business email compromise (BEC) – a targeted form of phishing in which attackers try to scam companies out of money or goods or trick employees into giving up sensitive info – have continued to increase, causing devastating impacts. Last year, the FBI’s Internet Crime Complaint Center (IC3) reported $43 billion of global exposed […]

Ransomware Groups Confirmed to be Exploiting MOVEit Bug

Microsoft, cybersecurity firms say MOVEit Transfer vulnerability is being exploited by a group associated with the Clop ransomware actors.

June 5, 2023 Zachary Comeau Leave a Comment

Cybersecurity firms are reporting widespread exploitation of the MOVEit Transfer vulnerability across a wide range of organizations large and small, with some publicly confirming that known ransomware groups are leveraging the flaw. That includes Microsoft, which is attributing the attacks exploiting the bug, tracked as CVE-2023-34362, to a group it calls “Lace Tempest,” which is […]

The Cyberattacks and Insider Threats During The Development of China’s C919 Passenger Jet

As China celebrates the first commercial flight of its C919 jet, we look back at allegations of hacking and insider threats during its development.

June 5, 2023 Zachary Comeau Leave a Comment

Over the weekend, China claimed a major win by launching the first commercial flight of the C919, the country’s first domestically manufactured large passenger jet built by the Commercial Aviation Corporation of China (COMAC). However, some non-China-based aviation manufacturers and cybersecurity firms may opt to use the term “domestically manufactured” loosely. According to CNN, the […]

MOVEit vulnerability, zero-day, Progress Software

Act Now: Vulnerability in Progress Software’s MOVEit Transfer Software

Cybersecurity researchers are sounding the alarm on a new zero-day vulnerability in Progress Software’s MOVEit Transfer solution.

June 2, 2023 Zachary Comeau Leave a Comment

Cybersecurity companies and researchers are sounding the alarm on a new zero-day vulnerability in Progress Software’s MOVEit Transfer solution, with attackers pouncing on the vulnerability since it was disclosed by Progress Software on May 31. According to Progress Software, the vulnerability in MOVEit Transfer could lead to escalated privileges and potential unauthorized access to the […]

Kaspersky Discovers New 0-Click iOS Exploit

Russia-based cybersecurity firm Kaspersky warns of new 0-click exploit targeting Apple iOS devices as Russia accuses NSA.

June 1, 2023 Zachary Comeau Leave a Comment

Cybersecurity firm Kaspersky says it is investigating “previously unknown” malware targeting the company’s own employee’s Apple iOS devices that can compromise devices via the iMessage service with an attachment without any user interaction. According to Kaspersky, the message triggers a vulnerability that leads to code execution, and the code within the exploit downloads several subsequent […]

Threat Detection Trends, 2023 Hacking Trends, Expel

New Email Rules, MFA Bypass Are Top Hacking Tactics So Far in 2023

Cybersecurity firm Expel's 2023 first quarter threat report finds that hackers are hiding their activity with email rules and bypassing MFA.

June 1, 2023 Zachary Comeau Leave a Comment

Account compromise, new inbox rules designed to hide malicious activity, and multifactor authentication bypass are the most popular hacking tactics being utilized by threat actors so far in 2023, according to a new report from cybersecurity firm Expel. According to the managed detection and response provider, identity-based attacks such as account compromise, account takeover and […]

CrowdStrike Launches Virtual Security Assistant Charlotte AI

CrowdStrike wants its new generative AI tool Charlotte AI to make IT and security professionals more efficient and narrow the skills gap.

May 31, 2023 Zachary Comeau Leave a Comment

CrowdStrike is launching a private customer preview of its own generative AI solution which it calls Charlotte AI, essentially an AI assistant for the company’s CrowdStrike Falcon platform designed to help any user of the platform become a power user. According to the Austin, Texas-based cybersecurity giant, Charlotte AI lets customers ask natural language questions […]

AWS Launches General Availability of Amazon Security Lake

Amazon Security Lake automatically centralizes security data from across AWS environments, SaaS providers, on-premises and cloud sources.