enterprise
The multiplying impact of BEC attacks
The 2023 Verizon Data Breach Investigations Report (DBIR) has confirmed what FBI’s Internet Crime Complaint Center has pointed out earlier this year: BEC scammers are …
MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims
The fallout of the MOVEit Transfer hack via CVE-2023-34362 by the Cl0p gang is expanding, as several UK-based companies have now confirmed that some of their data has been …
MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362)
The zero-day vulnerability attackers have exploited to compromise vulnerable Progress Software’s MOVEit Transfer installations finally has an identification number: …
MOVEit Transfer zero-day attacks: The latest info
There’s new information about the zero-day vulnerability in Progress Software’s MOVEit Transfer solution exploited by attackers and – more importantly – …
Critical zero-day vulnerability in MOVEit Transfer exploited by attackers!
UPDATE (June 2, 2023, 05:55 a.m. ET): Check out our update on this evolving situation. A critical zero-day vulnerability in Progress Software’s enterprise managed file …
Threat actors can exfiltrate data from Google Drive without leaving a trace
Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga …
Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771)
A recently fixed command injection vulnerability (CVE-2023-28771) affecting a variety Zyxel firewalls may soon be exploited in the wild, Rapid7 researchers have warned, after …
Fraudsters send fake invoice, follow up with fake exec confirmation
Fraudsters are trying out a new approach to convince companies to pay bogus invoices: instead of hijacking existing email threads, they are creating convincing ones …
PaperCut vulnerabilities leveraged by Clop, LockBit ransomware affiliates
Clop and LockBit ransomware affiliates are behind the recent attacks exploiting vulnerabilities in PaperCut application servers, according to Microsoft and Trend Micro …
VMware fixes critical flaws in virtualization software (CVE-2023-20869, CVE-2023-20870)
VMware has fixed one critical (CVE-2023-20869) and three important flaws (CVE-2023-20870, CVE-2023-20871, CVE-2023-20872) in its VMware Workstation and Fusion virtual user …
Google adds new risk assessment tool for Chrome extensions
Google has made available a new tool for Google Workspace admins and security teams to make an assessment of the risk different Chrome extensions may present to their users: …
VMware plugs security holes in VMware Aria Operations for Logs (CVE-2023-20864, CVE-2023-20865)
VMware has fixed two vulnerabilities (CVE-2023-20864, CVE-2023-20865) in VMware Aria Operations for Logs (formerly vRealize Log Insight), a widely used cloud solution for log …