Security News > 2023 > June

A critical flaw in Progress Software's MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to take over vulnerable systems. "An SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database," the company said.

Despite rising labor costs, economic inflation, and companies making an effort to cut back, the salary outlook for IT professionals is positive, according to InformationWeek. The median salary increased from $125,000 in 2021 to $140,000, a jump of 12%. 61% of IT pros are satisfied with their total compensation, and 62% report they are satisfied with their overall job.

Gigabyte ships a wide range of motherboard models that come with an App Center utility, which is supposed to keep the system's firmware, drivers, and related software up to date. The UEFI firmware Gigabyte ships with its motherboards performs a number of actions as the system boots.

Security researchers and the US government have sounded the alarm on a flaw in Progress Software's MOVEit Transfer that criminals have been "mass exploiting" for at least a month to break into IT environments and steal data. Fixed releases are now available for the insecure code: MOVEit Transfer 2023.0.1, 2022.1.5, 2022.0.4, 2021.1.4, and 2021.0.6.

Russian intelligence has accused American snoops and Apple of working together to backdoor iPhones to spy on "thousands" of diplomats worldwide. A Kaspersky spokesperson told The Register it's aware of the FSB claims, but can't say if the two things, Uncle Sam backdooring iPhones and the spyware found on several Kaspersky devices, are linked.

The malware enables the operators to take control of the victim's Gmail, Outlook, Hotmail, or Yahoo email accounts, steal email data and 2FA codes arriving in the inbox, and send phishing emails from the compromised accounts. The victim clicks the hyperlink on the page and downloads a RAR archive containing a batch file with a .cmd extension, which downloads a PowerShell script that fetches trojan DLLs and a set of legitimate executables from the C2 server.

DOUG. Password manager cracks, login bugs, and Queen Elizabeth I versus Mary Queen of Scots of course! Our last story of the day: Don't panic, but there's apparently a way to crack the master password for open-source password manager KeePass.

Microsoft is now rolling out a new Windows 11 dev build allowing Insiders to view their phone's camera roll in the File Explorer Gallery. Once the Windows 11 Insider Preview Build 23471 gets installed, they can add photos from their phone by clicking a new button added to the File Explorer's command bar.

Approximately 71% of respondents to the survey behind identity and access management company Okta's first Customer Identity Trends Report said they are aware that their online activities leave a data trail.

Harvard Pilgrim Health Care has disclosed that a ransomware attack it suffered in April 2023 impacted 2,550,922 people, with the threat actors also stealing their sensitive data from compromised systems. The Massachusetts-based non-profit health services provider reported this figure, which corresponds to roughly all of its members, to the U.S. Department of Health and Human Services breach portal.