Security News
Progress Software warned customers today of newly found critical SQL injection vulnerabilities in its MOVEit Transfer managed file transfer solution that can let attackers steal information from customers' databases. "An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content," Progress says in an advisory published today.
Hackers exploited a Level Finance smart contract vulnerability to drain 214,000 LVL tokens from the decentralized exchange and swapped them for 3,345 BNB, worth approximately $1,100,000. While Level Finance said the attack did not affect its liquidity pool and the DAO treasury, and the exploit was isolated from all other contracts, the LVL token lost roughly 50% of its value immediately after the attack was made known.
Researchers have discovered cryptographic vulnerabilities in the Swiss-based secure messaging application Threema that may have allowed attackers to do things like break authentication or recover users' long-term private keys. The vulnerabilities have been fixed, and Threema has since switched to a new communication protocol it designed with the help of external cryptographers.
Microsoft has announced a new security product allowing security teams to spot Internet-exposed resources in their organization's environment that attackers could use to breach their networks. Dubbed Microsoft Defender External Attack Surface Management, this new product provides customers with an overview of their businesses' attack surface, making it simpler to discover vulnerabilities and block potential attack vectors.
Kolide notifies your team via Slack when their devices are insecure and gives them step-by-step instructions on how to solve the problem. For IT admins, Kolide provides a single dashboard that lets you monitor the security of your entire fleet, whether they're running on Mac, Windows, or Linux.
If you're a cloud service vendor, you should be prepared to answer this question from your customers: How can you prove your security and privacy practices are truly secure? An external review validates your existing security practices.
UIDAI arranges for collection of the biometrics needed to create an Aadhaar (ten fingerprints, two iris scans, and a facial photograph) through enrollment agencies and registrars, and provides authentication-as-a-service using Aadhaar numbers. More than a billion Aadhaar IDs have been issued, and over 99 per cent of Indian adults have enrolled in the scheme.
Attracting talent with nontraditional skills to audit is the top challenge for audit leaders this year, according to Gartner. A July 2021 survey of 166 audit leaders revealed that making the leap to more advanced analytics applications, improving IT auditing practices, and providing sufficient assurance over cybersecurity were also serious concerns for audit leaders in 2022.
Lynis is more than just a rootkit detector, as it makes it possible to run detailed auditing of your Linux servers for numerous security issues as well as misconfigurations. I want to walk you through the process of installing Lynis and running a scan on AlmaLinux.
As part of a SOC2 audit, it is necessary to conduct security checks across the company's SaaS stack that look for misconfigured settings, including detection and monitoring settings, to ensure the continued effectiveness of information security controls and prevent unauthorized/inappropriate access to physical and digital assets and locations. If you're beginning or already on a SOC2 audit journey, an SSPM solution can streamline the process and shorten the time it takes to pass a SOC2 audit successfully, fully covering your SaaS security posture.