Security News > 2023 > June

The U.S. Cybersecurity and Infrastructure Security Agency on Monday placed two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation. The vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, are buffer overflow vulnerabilities that could enable an unauthenticated attacker to cause a denial-of-service condition and remote code execution.

The US Securities and Exchange Commission has dismissed proceedings against 42 companies and individuals after admitting that its enforcement staff accessed documents that were supposed to be for judges' eyes only. All 42 [PDF] of the now-dismissed cases were slated to be heard by the watchdog agency's in-house court - which is supposed to remain strictly separate from the SEC's enforcement staff.

Ai, discusses a dark side to generative AI that isn't talked about enough. Organizations must remember that anything that goes into the learning process can never be taken back.

CISOs and ITDMs continue to be most occupied with business, IT and security program strategy, but they are spending less time on threat research, awareness and hunting compared to 2022, according to Nuspire. The ever-evolving cybersecurity landscape and end-user error and education remain the biggest challenges for CISOs/ITDMs, with end-users accounting for much of their worries, specifically malware/ ransomware, phishing and cloud security breaches.

67% of consumers are aware of generative AI technologies but they overestimate their ability to detect a deepfake video, according to Jumio. Awareness of generative AI and deepfakes among consumers is high - 52% of respondents believe they could detect a deepfake video.

The Clop ransomware gang has told BleepingComputer they are behind the MOVEit Transfer data-theft attacks, where a zero-day vulnerability was exploited to breach multiple companies' servers and steal data. Conducting attacks around holidays is a common tactic for the Clop ransomware operation, which has previously undertaken large-scale exploitation attacks during holidays when staff is at a minimum.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

Last week, Progress Software Corporation, which sells software and services for user interface developement, devops, file management and more, alerted customers of its MOVEit Transfer product about a critical vulnerability dubbed CVE-2023-34362. If the backend data is stored in a SQL database, the web server might convert that URL into a SQL command like the one shown below.

British Airways, the BBC, and UK pharmacy chain Boots are among the companies whose data has been compromised after miscreants exploited a critical vulnerability in deployments of the MOVEit document-transfer app. Instead, payroll services provider Zellis on Monday admitted its MOVEit installation had been exploited, and as a result "a small number of our customers" - including the aforementioned British trio - had their information stolen.

The Atomic Wallet app's makers first reported June 3 that some folks were complaining some crypto had been taken from their wallets and deposited in strangers' accounts, with others saying their wallets had been emptied completely. The developer, headquartered in Tallinn, Estonia, says Atomic Wallet is a noncustodial app, meaning that users own the 12-word backup phrase and private keys to their coins, rather than the app maker, and that security is within the users' control.