Security News

Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806)
2024-06-25 18:08

Progress Software has patched one critical and one high-risk vulnerability in MOVEit, its widely used managed file transfer software product. CVE-2024-5805 is an improper authentication vulnerability in MOVEit Gateway, which serves as a proxy so that MOVEit Transfer - the actual managed file transfer software - can receive inbound connections when deployed behind a firewall.

Improving OT cybersecurity remains a work in progress
2024-06-20 03:30

Organizations have made progress in the past 12 months related to advancing their OT security posture, but there are still critical areas for improvement as IT and OT network environments continue...

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)
2024-06-04 14:39

Security researchers have published a proof-of-concept exploit that chains together two vulnerabilities to achieve unauthenticated remote code execution on Progress Telerik Report Servers. Telerik Report Server is a centralized enterprise platform for report creation, management, storage and delivery/distribution.

Exploit for critical Progress Telerik auth bypass released, patch now
2024-06-03 17:58

Researchers have published a proof-of-concept exploit script demonstrating a chained remote code execution vulnerability on Progress Telerik Report Servers. Cybersecurity researcher Sina Kheirkha developed the exploit with the help of Soroush Dalili and has now published a detailed write-up that describes the intricate process of exploiting two flaws, an authentication bypass and a deserialization issue, to execute code on the target.

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)
2024-04-24 11:52

More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability in Flowmon, Progress Software's network monitoring/analysis and security solution, have been published. The critical vulnerability has been disclosed and patched by Progress earlier this month.

Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability
2024-03-11 06:28

Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and...

Enterprises’ progress in digital trust implementation is far from great
2024-02-27 04:30

While digital trust overwhelmingly remains a critical focus for all enterprises, the latest report from DigiCert shines a light on the growing divide between the 'leaders', and the 'laggards'. The top 33% digital 'trust leaders' enjoyed higher revenue, better digital innovation and higher employee productivity.

Regulator, insurers and customers all coming for Progress after MOVEit breach
2023-10-16 02:58

Infosec in brief The fallout from the exploitation of bugs in Progress Software's MOVEit file transfer software continues, with the US Securities and Exchange Commission now investigating the matter, and lots of affected parties seeking compensation. Per the disclosure, it received a subpoena from the SEC on October 2, in which the Commission asked for "Various documents and information relating to the MOVEit Vulnerability."

Automotive cybersecurity: A decade of progress and challenges
2023-10-09 04:30

As connected cars become a standard feature in the market, the significance of automotive cybersecurity rises, playing an essential role in ensuring the safety of road users. In this Help Net Security video, Samantha Beaumont, Principal Security Consultant at IOActive, sheds light on the challenges and possible solutions to the cybersecurity threats that modern vehicles encounter.

Now MOVEit maker Progress patches holes in WS_FTP
2023-10-01 21:51

Infosec in brief Progress Software, maker of the mass-exploited MOVEit document transfer tool, is back in the news with more must-apply security patches, this time for another file-handling product: WS FTP. We're told this software's ad hoc transfer module and WS FTP's server management interface were found to have eight vulnerabilities, with CVSS severity scores ranging from 5.3 all the way to 10 out of 10. At their most severe, all versions of WS FTP Server prior to 8.7.4 and 8.8.2 are vulnerable to a.NET deserialization attack from a pre-authenticated attacker.