Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software
2023-07-07 14:01

Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized access to the MOVEit Transfer database.

OpenAI Is Hiring Researchers to Wrangle ‘Superintelligent’ AI
2023-07-07 13:49

OpenAI is seeking researchers to work on containing super-smart artificial intelligence with other AI. The end goal is to mitigate a threat of human-like machine intelligence that may or may not be science fiction. "We need scientific and technical breakthroughs to steer and control AI systems much smarter than us," wrote OpenAI Head of Alignment Jan Leike and co-founder and Chief Scientist Ilya Sutskever in a blog post.

Mastodon Social Network Patches Critical Flaws Allowing Server Takeover
2023-07-07 12:55

Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions of users to potential attacks. Mastodon is known for its federated model, consisting of thousands of separate servers called "Instances," and it has over 14 million users across more than 20,000 instances.

MOVEit Transfer customers warned to patch new critical flaw
2023-07-07 12:35

"An SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database," reads Progress's security bulletin. "An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content" - MOVEit Transfer advisory.

Capita staffers told attackers stole data from its own pension fund
2023-07-07 12:11

Capita has informed some of its employees that its own pension fund was among the victims of a cybercrime attack on its system, resulting in the theft of their personal details, they say. In a letter shared with UK newspaper The Times, Capita apparently told staff members a full three months after the breach that it had "Identified evidence that the following personal data relating to you is within the data compromised and/or copied from Capita's systems."

The AI Dividend
2023-07-07 11:11

We're now in a different sort of resource rush, with companies peddling bits instead of oil: generative AI. Everyone is talking about these new AI technologies, like ChatGPT, and AI companies are touting their awesome power. Generative AI needs a wide variety of data, which means all of us are valuable, not just those of us who write professionally, or prolifically, or well.

Close Security Gaps with Continuous Threat Exposure Management
2023-07-07 10:37

Leading analyst firm Gartner Research describes the solution: "By 2026, organizations prioritizing their security investments based on a continuous exposure management program will be 3x less likely to suffer from a breach." IT and security teams constantly face threat exposures, and they must proactively address critical security gaps in their exposed assets.

BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days
2023-07-07 10:20

Ransomware attacks are a major problem for organizations everywhere, and the severity of this problem continues to intensify. Recently, Microsoft's Incident Response team investigated the BlackByte 2.0 ransomware attacks and exposed these cyber strikes' terrifying velocity and damaging nature.

July 2023 Patch Tuesday forecast: A month of instability and uncertainty
2023-07-07 09:07

There's been a lot of activity with Microsoft this month which may impact updates we'll see. Starting on Patch Tuesday, the application of Windows 11 22H2 KB5027231 cumulative update broke Google Chrome for users running Malwarebytes, Cisco Secure Endpoint, and WatchGuard Endpoint Security - they were not able to launch Google Chrome.

Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities
2023-07-07 07:24

Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three vulnerabilities have been identified as actively exploited in targeted attacks.