Security News

MOVEit Transfer Under Attack: Zero-Day Vulnerability Actively Being Exploited
2023-06-02 03:25

A critical flaw in Progress Software's MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to take over vulnerable systems. "An SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database," the company said.

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers!
2023-06-01 15:10

A critical zero-day vulnerability in Progress Software's enterprise managed file transfer solution MOVEit Transfer is being exploited by attackers to grab corporate data. " could lead to escalated privileges and potential unauthorized access to the environment," the company warned on Wednesday, and advised customers to take action to protect their MOVEit Transfer environment, "While our team produces a patch."

New MOVEit Transfer zero-day mass-exploited in data theft attacks
2023-06-01 14:47

Hackers are actively exploiting a zero-day vulnerability in the MOVEit Transfer file transfer software to steal data from organizations. MOVEit Transfer is a managed file transfer solution developed by Ipswitch, a subsidiary of US-based Progress Software Corporation, that allows the enterprise to securely transfer files between business partners and customers using SFTP, SCP, and HTTP-based uploads.

Barracuda zero-day abused since 2022 to drop new malware, steal data
2023-05-30 20:25

Network and email security firm Barracuda today revealed that a recently patched zero-day vulnerability had been exploited for at least seven months to backdoor customers' Email Security Gateway appliances with custom malware and steal data. The company says an ongoing investigation found that the bug was first exploited in October 2022 to gain access to "a subset of ESG appliances" and deploy backdoors designed to provide the attackers with persistent access to the compromised systems.

Attackers hacked Barracuda ESG appliances via zero-day since October 2022
2023-05-30 17:00

Barracuda says that the recently discovered compromise of some of its clients' ESG appliances via a zero-day vulnerability resulted in the deployment of three types of malware and data exfiltration. Zero-day exploited, Barracuda ESG appliances backdoored.

CISA warns govt agencies of recently patched Barracuda zero-day
2023-05-27 16:14

CISA warned of a recently patched zero-day vulnerability exploited last week to hack into Barracuda Email Security Gateway appliances. Federal Civilian Executive Branch agencies must patch or mitigate the vulnerability as ordered by the BOD 22-01 binding operational directive.

Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances
2023-05-26 04:04

Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway appliances. "The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product."

Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868)
2023-05-25 09:50

A vulnerability in Barracuda Networks' Email Security Gateway appliances has been exploited by attackers, the company has warned. CVE-2023-2868 is a critical remote command injection vulnerability affecting only physical Barracuda Email Security Gateway appliances, versions 5.1.3.001 - 9.2.0.006.

Barracuda warns of email gateways breached via zero-day flaw
2023-05-24 15:42

Barracuda, a company known for its email and network security solutions, warned customers today that some of their Email Security Gateway appliances were breached last week by targeting a now-patched zero-day vulnerability. While the flaw was patched over the weekend, Barracuda warned on Tuesday that some of its customers' ESG appliances were compromised by exploiting the now-patched security bug.

Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!
2023-05-19 18:02

Apple have just introduced "Rapid Security Responses." People are reporting that they take seconds to download and require one super-quick reboot. These new Rapid Security Responses were only available for the very latest version of macOS and the latest iOS/iPadOS, which left users of older Macs and iDevices, as well as owners of Apple Watches and Apple TVs, in the dark.