Fresh MOVEit Bug Under Attack Mere Hours After Disclosure
Ingalls Information Security
Enabling Innovation Through Better Cyber Risk Management
Check out recent news and resources to stay informed about what's happening in cybersecurity.
FEATURED ARTICLE
A high-severity security vulnerability (CVE-2024-5806) in Progress Software's MOVEit Transfer software could allow cyberattackers to get around the platform's authentication mechanisms — and it's being actively exploited in the wild just hours after it was made public. (Dark Reading)
EXPERT TAKE
“It's no surprise to see threat actors moving quickly to exploit new vulnerabilities in the MOVEit Transfer software, given how successful the Russian-backed Cl0p ransomware group was last year. However, it is important to note that the instances being observed in the wild at this moment are within honeypots monitored by organizations such as the non-profit Shadowserver Foundation. Honeypot activity does not always correlate with real-world production environments, as these attacks may be coming from the cybersecurity community itself to identify potentially vulnerable systems. Thankfully Progress Software has already provided a new version and urges its customers to upgrade to the latest patched version immediately. The main takeaway for organizations is to stay vigilant about news and updates from their vendors and deploy patches immediately in case of severe vulnerabilities. However, organizations should also ensure that they adhere to their patch management policy, considering risk tolerance and the potential business impact of a successful exploitation.”
– Tadeh Anbarchian , SOC Analyst at Ingalls Information Security
NEWS ROUNDUP
Microsoft’s June 2024 Patch Tuesday updates resolve a zero-click Outlook vulnerability, tracked as CVE-2024-30103 (CVSS score of 8.8), leading to remote code execution. (SecurityWeek)
?
领英推荐
CDK Global, which makes software for car dealers, experienced a cyber incident that halted vehicle sales and service across the US. (Dark Reading)
?
Cybersecurity researchers have uncovered an updated version of malware called ValleyRAT that's being distributed as part of a new campaign. (The Hacker News)
?
The BadSpace backdoor is being distributed via drive-by attacks involving infected WordPress websites?and JavaScript downloaders, (SecurityWeek)
?
The US cybersecurity agency CISA has?warned?the public that phone scammers are impersonating its employees. The agency has reminded people that it will never contact anyone to request money, cryptocurrency, or gift cards. (CISA)
?
Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. (The Hacker News)