Security News

Infosec in brief: The fallout from the exploitation of bugs in Progress Software's MOVEit file transfer software continues, with the US Securities and Exchange Commission now investigating the matter, and lots of affected parties seeking compensation. Per the disclosure, it received a subpoena from the SEC on October 2, in which the Commission asked for "Various documents and information relating to the MOVEit Vulnerability."

As connected cars become a standard feature in the market, the significance of automotive cybersecurity rises, playing an essential role in ensuring the safety of road users. In this Help Net Security video, Samantha Beaumont, Principal Security Consultant at IOActive, sheds light on the challenges and possible solutions to the cybersecurity threats that modern vehicles encounter.

Infosec in brief: Progress Software, maker of the mass-exploited MOVEit document transfer tool, is back in the news with more must-apply security patches, this time for another file-handling product: WS FTP. We're told this software's ad hoc transfer module and WS FTP's server management interface were found to have eight vulnerabilities, with CVSS severity scores ranging from 5.3 all the way to 10 out of 10. At their most severe, all versions of WS FTP Server prior to 8.7.4 and 8.8.2 are vulnerable to a .NET deserialization attack from a pre-authenticated attacker.

Progress Software has issued hotfixes for a critical security vulnerability (with a maximum CVSS score of 10.0) and seven other flaws in its WS_FTP Server Ad hoc Transfer Module and WS_FTP Server manager interface. The most severe flaw, CVE-2023-40044, affects all versions of the software, allowing a pre-authenticated attacker to exploit a .NET deserialization vulnerability to run remote commands.

Progress Software, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS FTP Server software. The company says thousands of IT teams worldwide use its enterprise-grade WS FTP Server secure file transfer software.

Changing approaches to cybersecurity have led to slow but steady progress in defense and protection. Still, competing interests create a growing challenge for cybersecurity decision makers and practitioners, according to CompTIA. The state of cybersecurity.