Progress

Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)

Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) 2024-07-26 at 09:46 By Zeljka Zorz Progress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as possible. About CVE-2024-6327 (and CVE-2024-6096) Telerik Report Server is an enterprise solution for storing, […]

React to this headline:

Loading spinner

Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) Read More »

Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806)

Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806) 2024-06-25 at 21:16 By Zeljka Zorz Progress Software has patched one critical (CVE-2024-5805) and one high-risk (CVE-2024-5806) vulnerability in MOVEit, its widely used managed file transfer (MFT) software product. According to WatchTowr Labs researchers, the company has been privately instructing users to implement the hotfixes before

React to this headline:

Loading spinner

Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806) Read More »

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800) 2024-06-04 at 17:46 By Zeljka Zorz Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achieve unauthenticated remote code execution on Progress Telerik Report Servers. Telerik Report Server is a centralized enterprise platform for report creation, management, storage and

React to this headline:

Loading spinner

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800) Read More »

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) 2024-04-24 at 15:01 By Zeljka Zorz More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability (CVE-2024-2389) in Flowmon, Progress Software’s network monitoring/analysis and security solution, have been published. The critical vulnerability has been disclosed and patched by Progress earlier this month. “Currently,

React to this headline:

Loading spinner

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) Read More »

Correct bad network behavior to bolster application experience

Correct bad network behavior to bolster application experience 18/12/2023 at 08:31 By Help Net Security Legacy hardware-based applications existed happily in isolation, untethered from a network. The thing that really mattered was the speed of the hard drive and having enough memory. Today, even the software running from personal hard drives relies on other applications

React to this headline:

Loading spinner

Correct bad network behavior to bolster application experience Read More »

Infosec products of the month: October 2023

Infosec products of the month: October 2023 01/11/2023 at 06:32 By Help Net Security Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, Arcitecta, AuditBoard, BackBox, Cloaked, ComplyCube, Darktrace, Data Theorem, Flexxon, Fortanix, Fortinet, Jumio, LogicMonitor, Malwarebytes, ManageEngine, Nutanix, Prevalent, Progress, SailPoint, Thales, Vanta, Veriff, and Wazuh. Veriff

React to this headline:

Loading spinner

Infosec products of the month: October 2023 Read More »

New infosec products of the week: October 27, 2023

New infosec products of the week: October 27, 2023 27/10/2023 at 08:02 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Darktrace, Data Theorem, Jumio, Malwarebytes, Progress, and Wazuh. Progress Flowmon ADS 12.2 AI offers advanced security event monitoring Flowmon ADS 12.2 harnesses the power

React to this headline:

Loading spinner

New infosec products of the week: October 27, 2023 Read More »

Progress Flowmon ADS 12.2 AI offers advanced security event monitoring

Progress Flowmon ADS 12.2 AI offers advanced security event monitoring 26/10/2023 at 16:01 By Industry News Progress has unveiled the latest release of its network anomaly detection system, Progress Flowmon ADS. Flowmon ADS 12.2 harnesses the power of artificial intelligence (AI) to provide an advanced and holistic view of detected security events, empowering cybersecurity professionals

React to this headline:

Loading spinner

Progress Flowmon ADS 12.2 AI offers advanced security event monitoring Read More »

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044)

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044) 02/10/2023 at 14:17 By Helga Labus Progress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities (CVE-2023-40044, CVE-2023-42657) in WS_FTP Server, another popular secure file transfer solution. Proof-of-concept code for CVE-2023-40044 has been available since Friday, and Rapid7 researchers

React to this headline:

Loading spinner

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044) Read More »

Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations

Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations 26/09/2023 at 15:01 By Helga Labus The number of victim organizations hit by Cl0p via vulnerable MOVEit installations has surpassed 2,000, and the number of affected individuals is now over 60 million. The victim organizations are overwhelmingly based in the US. “The most heavily impacted sectors are

React to this headline:

Loading spinner

Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations Read More »

National Student Clearinghouse MOVEit breach impacts nearly 900 schools

National Student Clearinghouse MOVEit breach impacts nearly 900 schools 25/09/2023 at 14:31 By Helga Labus US educational nonprofit organization National Student Clearinghouse (NSC) has revealed that the breach of its MOVEit server ended up affecting almost 900 colleges and universities, and resulted in the theft of personal information of their students. The National Student Clearinghouse

React to this headline:

Loading spinner

National Student Clearinghouse MOVEit breach impacts nearly 900 schools Read More »

Building resilience through DevSecOps

Building resilience through DevSecOps 17/07/2023 at 06:32 By Help Net Security DevSecOps, short for Development, Security, and Operations, is an approach that emphasizes the integration of security practices and principles into every stage of the software development lifecycle. It aims to bridge the gap between development teams, security teams, and operations teams, fostering collaboration and

React to this headline:

Loading spinner

Building resilience through DevSecOps Read More »

Infosecurity Europe 2023 video walkthrough

Infosecurity Europe 2023 video walkthrough 21/06/2023 at 11:24 By Help Net Security Infosecurity Europe 2023 is taking place in London this week, and this video provides a closer look at this year’s event. The post Infosecurity Europe 2023 video walkthrough appeared first on Help Net Security. This article is an excerpt from Help Net Security

React to this headline:

Loading spinner

Infosecurity Europe 2023 video walkthrough Read More »

A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708)

A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708) 19/06/2023 at 15:09 By Zeljka Zorz Progress Software has asked customers to update their MOVEit Transfer installations again, to fix a third SQL injection vulnerability (CVE-2023-35708) discovered in the web application in less that a month. Previously, the Cl0p cyber extortion gang exploited CVE-2023-34362 to

React to this headline:

Loading spinner

A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708) Read More »

PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362)

PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362) 13/06/2023 at 14:18 By Zeljka Zorz As more victim organizations of Cl0p gang’s MOVEit rampage continue popping up, security researchers have released a PoC exploit for CVE-2023-34362, the RCE vulnerability exploited by the Cl0p cyber extortion group to plunder confidential data. CVE-2023-34362 PoC exploit released Horizon3 security

React to this headline:

Loading spinner

PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362) Read More »

It’s time to patch your MOVEit Transfer solution again!

It’s time to patch your MOVEit Transfer solution again! 12/06/2023 at 16:47 By Zeljka Zorz Progress Software customers who use the MOVEit Transfer managed file transfer solution might not want to hear it, but they should quickly patch their on-prem installations again: With the help of researchers from Huntress, the company has uncovered additional SQL

React to this headline:

Loading spinner

It’s time to patch your MOVEit Transfer solution again! Read More »

Cl0p announces rules for extortion negotiation after MOVEit hack

Cl0p announces rules for extortion negotiation after MOVEit hack 08/06/2023 at 14:03 By Zeljka Zorz The Cl0p cyber extortion crew says that the many organizations whose data they have pilfered by exploiting a vulnerability in the MOVEit Transfer solution have until June 14 to get in contact with them – or they will post their

React to this headline:

Loading spinner

Cl0p announces rules for extortion negotiation after MOVEit hack Read More »

MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims

MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims 06/06/2023 at 13:50 By Zeljka Zorz The fallout of the MOVEit Transfer hack via CVE-2023-34362 by the Cl0p gang is expanding, as several UK-based companies have now confirmed that some of their data has been stolen. Victimized organizations The confirmed victims so far are

React to this headline:

Loading spinner

MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims Read More »

MOVEit Transfer zero-day attacks: The latest info

MOVEit Transfer zero-day attacks: The latest info 02/06/2023 at 12:41 By Zeljka Zorz There’s new information about the zero-day vulnerability in Progress Software’s MOVEit Transfer solution exploited by attackers and – more importantly – patches and helpful instructions for customers. The MOVEit Transfer zero-day and updated mitigation and remediation advice Progress Software has updated the

React to this headline:

Loading spinner

MOVEit Transfer zero-day attacks: The latest info Read More »

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers!

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers! 01/06/2023 at 18:18 By Zeljka Zorz A critical zero-day vulnerability in Progress Software’s enterprise managed file transfer solution MOVEit Transfer is being exploited by attackers to grab corporate data. “[The vulnerability] could lead to escalated privileges and potential unauthorized access to the environment,” the company warned

React to this headline:

Loading spinner

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers! Read More »

Scroll to Top