Security News
Organizations have made progress in the past 12 months related to advancing their OT security posture, but there are still critical areas for improvement as IT and OT network environments continue...
Security researchers have published a proof-of-concept exploit that chains together two vulnerabilities to achieve unauthenticated remote code execution on Progress Telerik Report Servers. Telerik Report Server is a centralized enterprise platform for report creation, management, storage and delivery/distribution.
Researchers have published a proof-of-concept exploit script demonstrating a chained remote code execution vulnerability on Progress Telerik Report Servers. Cybersecurity researcher Sina Kheirkhah developed the exploit with the help of Soroush Dalili and has now published a detailed write-up describing the process of chaining two flaws, an authentication bypass and a deserialization issue, to execute code on the target.
More details of, and a proof-of-concept exploit for, an unauthenticated OS command injection vulnerability in Flowmon, Progress Software's network monitoring/analysis and security solution, have been published. The critical vulnerability was disclosed and patched by Progress earlier this month.
Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and...
While digital trust overwhelmingly remains a critical focus for all enterprises, the latest report from DigiCert shines a light on the growing divide between the 'leaders', and the 'laggards'. The top 33% digital 'trust leaders' enjoyed higher revenue, better digital innovation and higher employee productivity.
Infosec in brief The fallout from the exploitation of bugs in Progress Software's MOVEit file transfer software continues, with the US Securities and Exchange Commission now investigating the matter, and lots of affected parties seeking compensation. Per Progress's disclosure, the company received a subpoena from the SEC on October 2, in which the Commission asked for "Various documents and information relating to the MOVEit Vulnerability."
As connected cars become a standard feature in the market, the significance of automotive cybersecurity rises, playing an essential role in ensuring the safety of road users. In this Help Net Security video, Samantha Beaumont, Principal Security Consultant at IOActive, sheds light on the challenges and possible solutions to the cybersecurity threats that modern vehicles encounter.
Infosec in brief Progress Software, maker of the mass-exploited MOVEit document transfer tool, is back in the news with more must-apply security patches, this time for another file-handling product: WS_FTP. We're told this software's ad hoc transfer module and WS_FTP's server management interface were found to have eight vulnerabilities, with CVSS severity scores ranging from 5.3 all the way to 10 out of 10. At their most severe, all versions of WS_FTP Server prior to 8.7.4 and 8.8.2 are vulnerable to a .NET deserialization attack from a pre-authenticated attacker.
Progress Software has issued hotfixes for a critical security vulnerability (with a maximum CVSS score of 10.0) and seven other flaws in its WS_FTP Server Ad hoc Transfer Module and WS_FTP Server manager interface. The most severe flaw, CVE-2023-40044, affects all versions of the software, allowing a pre-authenticated attacker to exploit a .NET deserialization vulnerability to run remote commands.
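The practical first step after an advisory like the WS_FTP one above is triage: which installed versions sit below the fix levels named in it. The following is an added example written for this page, not code from Progress or from either article. It assumes plain dotted numeric version strings, treats 8.7.4 and 8.8.2 as the fix levels for the 8.7 and 8.8 branches (as the text states), treats any branch older than 8.7 as unpatched, and assumes releases newer than 8.8.2 carry the fix; the inventory it scans is constructed sample data.

```python
# Added example: triage WS_FTP Server versions against the fix levels quoted above.
# Not Progress code; the inventory below is constructed sample data.
from typing import Dict, List, Tuple

# Fix levels per the advisory text on this page: 8.7.4 (8.7 branch) and 8.8.2 (8.8 branch).
FIXED_8_7 = (8, 7, 4)
FIXED_8_8 = (8, 8, 2)


def parse_version(v: str) -> Tuple[int, ...]:
    """Parse 'a.b.c' (optionally with a trailing build field) into a tuple of ints."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric dotted version: {v!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str) -> bool:
    """True when the given WS_FTP Server version is below the fix level for its branch."""
    v = parse_version(version)
    branch = v[:2]
    if branch < (8, 7):
        # Assumption: 8.6.x and earlier have no fixed release; every such build is below 8.7.4.
        return True
    if branch == (8, 7):
        return v < FIXED_8_7
    # 8.8 and later: assumption that anything at or above 8.8.2 carries the fix.
    return v < FIXED_8_8


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the hostnames (sorted) whose recorded version is still vulnerable."""
    return sorted(host for host, ver in inventory.items() if is_vulnerable(ver))


# Constructed sample inventory: hostname -> WS_FTP Server version reported by the host.
SAMPLE_INVENTORY = {
    "ftp-legacy-01": "8.6.0",    # old branch, no fix available: vulnerable
    "ftp-prod-02": "8.7.3",      # one below the 8.7 fix level: vulnerable
    "ftp-prod-03": "8.7.4",      # at the fix level: patched
    "ftp-dmz-04": "8.8.1",       # one below the 8.8 fix level: vulnerable
    "ftp-dmz-05": "8.8.2",       # at the fix level: patched
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is below the advisory fix level")
```

Feed it whatever your asset inventory exports (a CMDB dump, an agent query, or the version string from each server's management interface); the branch-aware comparison matters because a naive "is it below 8.8.2" check would wrongly flag a patched 8.7.4 install.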