#zero_day

Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. "Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft Threat Intelligence team said in a series of tweets today. "CVE-2023-34362 allows attackers to

By Waqas The researchers discovered the oldest traces of infection in 2019, and it is believed that the attack is still active. This is a post from HackRead.com Read the original post: Kaspersky Reveals iPhones of Employees Infected with Spyware

Categories: Exploits and vulnerabilities Categories: News Tags: Progress Tags: MOVEit Tags: vulnerability Tags: human2.aspx A critical vulnerability in Progress MOVEit Transfer is being used to steal large amounts of data (Read more...) The post Update now! MOVEit Transfer vulnerability actively exploited appeared first on Malwarebytes Labs.

A critical flaw in Progress Software's in MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to take over vulnerable systems. The shortcoming, which is yet to be assigned a CVE identifier, relates to a severe SQL injection vulnerability that could lead to escalated privileges and potential unauthorized access to the environment. "An SQL injection

On the same day, Russia’s FSB intelligence service launched wild claims of NSA and Apple hacking thousands of Russians.

Plus: Microsoft patches two zero-day flaws, Google’s Android and Chrome get some much-needed updates, and more.

Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway (ESG) appliances had been abused by threat actors since October 2022 to backdoor the devices. The latest findings show that the critical vulnerability, tracked as CVE-2023-2868 (CVSS score: N/A), has been actively exploited for at least seven months prior to its discovery.

Multiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code execution, the Zero Day Initiative (ZDI) said in a report published last week. The vulnerabilities were demonstrated by three different teams from Qrious Secure, STAR Labs, and DEVCORE at the Pwn2Own hacking contest held in Toronto late last year,

Categories: Exploits and vulnerabilities Categories: News Barracuda Networks issued a patch for a zero-day vulnerability in its Email Security Gateway that was actively being exploited (Read more...) The post Barracuda Networks patches zero-day vulnerability in Email Security Gateway appeared first on Malwarebytes Labs.

Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices. The approach, dubbed BrutePrint, bypasses limits put in place to counter failed biometric authentication attempts by weaponizing two zero-day vulnerabilities in the smartphone fingerprint authentication (SFA