MOVEit vulnerability ensnares more victims

Some organizations have been impacted due to their direct use of MOVEit while others have been exposed by third-party vendors.

By Matt Kapko • June 27, 2023

Big names disclose MOVEit-related breaches, including PwC, EY and Genworth Financial

More than 100 organizations have been hit as part of the MOVEit attack campaign, including PBI Research Services, which exposed millions of customer data files to theft. 

By David Jones • June 23, 2023

Progress Software faces federal class action lawsuits as MOVEit breach exposure widens

Louisiana residents allege their personal financial information was put at risk after the state's motor vehicles department had data exposed in the MOVEit data breach. 

By David Jones • June 21, 2023

US puts $10M bounty on Clop as federal agencies confirm data compromises

Additional private sector companies have disclosed attacks after multiple vulnerabilities were found in MOVEit Transfer software.

By David Jones • June 20, 2023

Another MOVEit vulnerability found, as state and federal agencies reveal breaches

The third vulnerability since Progress Software first disclosed a MOVEit Transfer zero day arrived just as CISA officials said a “small number” of federal agencies were impacted. 

By Naomi Eide • June 16, 2023

Clop names a dozen MOVEit victims, but holds back details

As its deadline expired, the ransomware group released the first batch of victim organizations, most of which were U.S.-based, ReliaQuest found.

By Naomi Eide • June 15, 2023

Barracuda ESG devices actively exploited in broad, ongoing espionage campaign

The campaign is the broadest by a China-nexus actor since the mass exploitation of Microsoft Exchange in 2021, Mandiant researchers said.

By David Jones • Updated June 15, 2023

MOVEit customers on high alert as Clop’s deadline expires

As more compromised organizations come forward, one risk analysis firm is pushing the timeline for the vulnerability back years.

By Matt Kapko • June 14, 2023

Fortinet urges firmware upgrades after critical vulnerability at risk of malicious attacks

The warning comes just weeks after the company was linked to the Volt Typhoon campaign against U.S. critical infrastructure targets.

By David Jones • June 13, 2023

Barracuda urges customers to replace compromised ESG appliances immediately

The retirement of all compromised ESG appliances is akin to an admission the company could not remove threat actor access and recover the devices for customers.

By Matt Kapko • June 9, 2023

Clop claims hundreds of MOVEit vulnerability victims

The prolific threat actor is responsible for two of the three high-profile, actively exploited vulnerabilities in file-transfer services so far this year.

By Matt Kapko • June 8, 2023

What we know about the MOVEit vulnerabilities and compromises

Active exploits already resulted in a follow-on attack that’s impacted multiple organizations. Threat hunters are on guard and anticipate more victims.

By Matt Kapko • Updated June 12, 2023

Worries mount for MOVEit vulnerability, as likelihood of compromise expands

MOVEit has customers across highly regulated industries, exemplifying the potential damage among government, finance and healthcare organizations.

By Matt Kapko • June 5, 2023

MOVEit zero-day vulnerability under active exploit, data already stolen

Mandiant found evidence of attacks over Memorial Day weekend and said it’s possible earlier instances of exploitation may still be uncovered.

By Matt Kapko • June 1, 2023

Barracuda zero-day vulnerability exploited for 7 months before detection

The latest disclosure increases the potential for widespread compromise for customers using the security vendor’s email security gateway appliances.

By Matt Kapko • May 31, 2023

Moody’s cites credit risk from state-backed cyber intrusions into US critical infrastructure

Key sectors could face short-term revenue impacts and long-term reputational harm and litigation risk, the credit ratings service said.

By David Jones • May 31, 2023

Barracuda patches actively exploited zero-day vulnerability in email gateways

The security vendor declined to answer questions about how many customers were impacted and what, if any, customer data was compromised.

By Matt Kapko • May 25, 2023

KeePass master password manager at risk as users await patch

The exploit only works if the master password is typed directly into KeePass. However, a patch won’t be available for weeks.

By Matt Kapko • May 23, 2023

VMware’s ‘target-rich environment’ is growing more volatile, CrowdStrike warns

Ransomware groups continue to target VMware because they know the virtualization infrastructure is vulnerable and lacks security tools, threat researchers said.

By Matt Kapko • May 16, 2023

Costs of software supply chain attacks could exceed $46B this year

Losses attributed to software supply chain attacks will jump 76%, reaching almost $81 billion by 2026, according to Juniper Research.

By Matt Kapko • May 12, 2023

PaperCut actively exploited by multiple threat actors, targeting education sector

Education is a key market for the print management software, which threat actors have targeted since mid-April. 

By Matt Kapko • May 12, 2023

Is cybersecurity doing enough to prevent the next Colonial Pipeline attack?

Two years have passed since the Colonial Pipeline incident, but critical infrastructure providers aren’t doing enough to proactively mitigate attacks. 

By Matthew Parsons, Brian Knudtson and Alex Reid • May 8, 2023

Most open source maintainers still consider themselves hobbyists, despite compensation pledges

A study by Tidelift shows a compensation gap for the key producers of open source applications, raising questions about how to properly secure software supply chains.

By David Jones • May 2, 2023

OpenAI adds more data privacy guardrails for ChatGPT

The company is allowing users to turn off chat history and export data as it seeks to reach enterprise customers.

By Lindsey Wilkinson • April 26, 2023

More than 2K organizations at risk of major attacks linked to SLP vulnerability

Over 54,000 SLP-speaking instances and 670 product types are vulnerable, researchers from BitSight and Curesec found, including VMware ESXi Hypervisor. 

By David Jones • April 25, 2023