Security News

Government agencies in the United States and Australia warn organizations that a vulnerability affecting ForgeRock Access Management has been exploited in the wild. AM is based on the OpenAM open source solution, which ForgeRock sponsored until 2016.

Proofpoint security analysis details the latest attack that uses the lure of speaking at a conference to steal credentials. SpoofedScholars is a new credential phishing attack that uses a University of London website to steal information from researchers who specialize in the Middle East, according to new analysis from Proofpoint.

Cybersecurity agencies in Australia and the U.S. are warning of an actively exploited vulnerability impacting ForgeRock's OpenAM access management solution that could be leveraged to execute arbitrary code on an affected system remotely. "The has observed actors exploiting this vulnerability to compromise multiple hosts and deploy additional malware and tools," the organization said in an alert.

Attackers are actively exploiting a critical, pre-authorization remote-code execution vulnerability in the popular Access Management platform from digital identity management firm ForgeRock. On Monday morning, the Cybersecurity and Infrastructure Security Agency warned that the vulnerability could enable attackers to execute commands in the context of the current user.

American fashion brand and retailer Guess is notifying affected customers of a data breach following a February ransomware attack that led to data theft. "A cybersecurity forensic firm was engaged to assist with the investigation and identified unauthorized access to Guess' systems between February 2, 2021 and February 23, 2021," the company said in breach notification letters mailed to impacted customers.

Security responders at SolarWinds are scrambling to contain a new zero-day vulnerability being actively exploited in what is being described as "Limited, targeted attacks." In an advisory issued over the weekend, SolarWinds said a single threat actor exploited security flaws in its Serv-U Managed File Transfer and Serv-U Secure FTP products against "a limited, targeted set of customers."

Kaseya made good on its promise to issue patches by July 11. On Saturday, the company behind the Virtual System/Server Administrator platform that got walloped by the REvil ransomware-as-a-service gang in a massive supply-chain attack released urgent updates to address critical zero-day security vulnerabilities in VSA. Kaseya released the VSA 9.5.7a update to fix three zero-day vulnerabilities used in the ransomware attacks.

IT management solutions provider Kaseya has released patches for the vulnerabilities exploited in the recent ransomware attack, and the company has also started restoring SaaS services. Kaseya shut down its VSA remote monitoring and management product on July 2, shortly after learning of a ransomware attack targeting the company and its customers.

Florida-based software vendor Kaseya on Sunday rolled out software updates to address critical security vulnerabilities in its Virtual System Administrator software that was used as a jumping off point to target as many as 1,500 businesses across the globe as part of a widespread supply-chain ransomware attack. The latest development comes days after Kaseya warned that spammers are capitalizing on the ongoing ransomware crisis to send out fake email notifications that appear to be Kaseya updates, only to infect customers with Cobalt Strike payloads to gain backdoor access to the systems and deliver next-stage malware.

Kaseya has released a security update for the VSA zero-day vulnerabilities used by the REvil ransomware gang to attack MSPs and their customers. Kaseya VSA is a remote management and monitoring solution commonly used by managed service providers to support their customers.