Security News

More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability in Flowmon, Progress Software's network monitoring/analysis and security solution, have been published. The critical vulnerability has been disclosed and patched by Progress earlier this month.

Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and...

While digital trust overwhelmingly remains a critical focus for all enterprises, the latest report from DigiCert shines a light on the growing divide between the 'leaders', and the 'laggards'. The top 33% digital 'trust leaders' enjoyed higher revenue, better digital innovation and higher employee productivity.

Infosec in brief The fallout from the exploitation of bugs in Progress Software's MOVEit file transfer software continues, with the US Securities and Exchange Commission now investigating the matter, and lots of affected parties seeking compensation. Per the disclosure, it received a subpoena from the SEC on October 2, in which the Commission asked for "Various documents and information relating to the MOVEit Vulnerability."

As connected cars become a standard feature in the market, the significance of automotive cybersecurity rises, playing an essential role in ensuring the safety of road users. In this Help Net Security video, Samantha Beaumont, Principal Security Consultant at IOActive, sheds light on the challenges and possible solutions to the cybersecurity threats that modern vehicles encounter.

Infosec in brief Progress Software, maker of the mass-exploited MOVEit document transfer tool, is back in the news with more must-apply security patches, this time for another file-handling product: WS FTP. We're told this software's ad hoc transfer module and WS FTP's server management interface were found to have eight vulnerabilities, with CVSS severity scores ranging from 5.3 all the way to 10 out of 10. At their most severe, all versions of WS FTP Server prior to 8.7.4 and 8.8.2 are vulnerable to a.NET deserialization attack from a pre-authenticated attacker.

Progress Software has issued hotfixes for a critical security vulnerability (with a maximum CVSS score of 10.0) and seven other flaws in its WS_FTP Server Ad hoc Transfer Module and WS_FTP Server manager interface.The most severe flaw, CVE-2023-40044, affects all versions of the software, allowing a pre-authenticated attacker to exploit a .NET deserialization vulnerability to run remote commands.

Progress Software, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS FTP Server software. The company says thousands of IT teams worldwide use its enterprise-grade WS FTP Server secure file transfer software.

Changing approaches to cybersecurity have led to slow but steady progress in defense and protection. Still, competing interests create a growing challenge for cybersecurity decision makers and practitioners, according to CompTIA. The state of cybersecurity.