enterprise

VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887)

Don't miss, enterprise, GreyNoise, Hot stuff, News, patch, VMWare, vulnerability /

VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887) 21/06/2023 at 11:42 By Zeljka Zorz CVE-2023-20887, a pre-authentication command injection vulnerability in VMware Aria Operations for Networks (formerly vRealize Network Insight), has been spotted being exploited in the wild. There are no workarounds to mitigate the risk of exploitation – enterprise admins are […]

React to this headline:

Loading spinner

VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887) Read More »

VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887)

Don't miss, enterprise, Hot stuff, News, PoC, security update, Tenable, VMWare, vulnerability /

VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887) 15/06/2023 at 13:01 By Helga Labus VMware has fixed two critical (CVE-2023-20887, CVE-2023-20888) and one important vulnerability (CVE-2023-20889) in Aria Operations for Networks (formerly vRealize Network Insight), its popular enterprise network monitoring tool. About the vulnerabilities (CVE-2023-20887, CVE-2023-20888,CVE-2023-20889) CVE-2023-20887 is a pre-authentication command injection vulnerability

React to this headline:

Loading spinner

VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887) Read More »

Switzerland under cyberattack

Data leak, data theft, DDoS, Don't miss, enterprise, Government, Hot stuff, News, Ransomware, Switzerland /

Switzerland under cyberattack 14/06/2023 at 14:18 By Helga Labus Swiss government websites are under DDoS attacks, but several ransomware gangs have also turned their sights on Swiss government organizations, cantonal governments, cities and companies in the last few months. Government sites under DDoS attacks “Several Federal Administration websites are/were inaccessible on Monday 12 June 2023,

React to this headline:

Loading spinner

Switzerland under cyberattack Read More »

The multiplying impact of BEC attacks

BEC scams, Don't miss, enterprise, FBI, Hot stuff, Microsoft, News, phishing, SMBs, social engineering /

The multiplying impact of BEC attacks 12/06/2023 at 16:22 By Helga Labus The 2023 Verizon Data Breach Investigations Report (DBIR) has confirmed what FBI’s Internet Crime Complaint Center has pointed out earlier this year: BEC scammers are ramping up their social engineering efforts to great success. BEC attackers targeting the real estate sector The FBI

React to this headline:

Loading spinner

The multiplying impact of BEC attacks Read More »

MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims

0-day, British Airways, cybercrime, data theft, Don't miss, enterprise, extortion, Hot stuff, News, Orange Cyberdefense, Progress, Rapid7, SMBs, supply chain attacks /

MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims 06/06/2023 at 13:50 By Zeljka Zorz The fallout of the MOVEit Transfer hack via CVE-2023-34362 by the Cl0p gang is expanding, as several UK-based companies have now confirmed that some of their data has been stolen. Victimized organizations The confirmed victims so far are

React to this headline:

Loading spinner

MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims Read More »

MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362)

0-day, data theft, Don't miss, enterprise, extortion, file-sharing, Hot stuff, Mandiant, News, Rapid7, vulnerability /

MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362) 05/06/2023 at 15:10 By Zeljka Zorz The zero-day vulnerability attackers have exploited to compromise vulnerable Progress Software’s MOVEit Transfer installations finally has an identification number: CVE-2023-34362. Based on information shared by Mandiant, Rapid7 and other security researchers, the attackers seem to have opportunistically targeted as many

React to this headline:

Loading spinner

MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362) Read More »

MOVEit Transfer zero-day attacks: The latest info

0-day, attack, data theft, Don't miss, enterprise, file-sharing, Hot stuff, Huntress, News, Progress, Rapid7, TrustedSec, vulnerability /

MOVEit Transfer zero-day attacks: The latest info 02/06/2023 at 12:41 By Zeljka Zorz There’s new information about the zero-day vulnerability in Progress Software’s MOVEit Transfer solution exploited by attackers and – more importantly – patches and helpful instructions for customers. The MOVEit Transfer zero-day and updated mitigation and remediation advice Progress Software has updated the

React to this headline:

Loading spinner

MOVEit Transfer zero-day attacks: The latest info Read More »

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers!

0-day, attack, Don't miss, enterprise, file-sharing, Hot stuff, News, Progress, threat, vulnerability /

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers! 01/06/2023 at 18:18 By Zeljka Zorz A critical zero-day vulnerability in Progress Software’s enterprise managed file transfer solution MOVEit Transfer is being exploited by attackers to grab corporate data. “[The vulnerability] could lead to escalated privileges and potential unauthorized access to the environment,” the company warned

React to this headline:

Loading spinner

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers! Read More »

Threat actors can exfiltrate data from Google Drive without leaving a trace

digital forensics, Don't miss, enterprise, Google, Google Drive, Google Workspace, Hot stuff, Incident Response, Mitiga, News, SMBs, threat hunting /

Threat actors can exfiltrate data from Google Drive without leaving a trace 01/06/2023 at 15:43 By Zeljka Zorz Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say. A problem for digital forensic analysts and incident

React to this headline:

Loading spinner

Threat actors can exfiltrate data from Google Drive without leaving a trace Read More »

Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771)

Don't miss, enterprise, firewall, firmware, Hot stuff, News, PoC, Rapid7, security update, SMBs, vulnerability, Zyxel /

Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) 22/05/2023 at 14:05 By Zeljka Zorz A recently fixed command injection vulnerability (CVE-2023-28771) affecting a variety Zyxel firewalls may soon be exploited in the wild, Rapid7 researchers have warned, after publishing a technical analysis and a PoC script that triggers the vulnerability and achieves a

React to this headline:

Loading spinner

Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) Read More »

Fraudsters send fake invoice, follow up with fake exec confirmation

Armorblox, Don't miss, enterprise, fraud, News, security awareness, SMBs /

Fraudsters send fake invoice, follow up with fake exec confirmation 16/05/2023 at 16:10 By Zeljka Zorz Fraudsters are trying out a new approach to convince companies to pay bogus invoices: instead of hijacking existing email threads, they are creating convincing ones themselves. A clever payment request fraud The fraud attempt begins with an email containing

React to this headline:

Loading spinner

Fraudsters send fake invoice, follow up with fake exec confirmation Read More »

Scroll to Top