GoAnywhere MFT customers confront yet another critical file-transfer CVE

File-transfer services, including GoAnywhere, were widely exploited by ransomware threat groups in 2023.

By Matt Kapko • Jan. 24, 2024

Atlassian Confluence Data Center under active exploitation in older versions

Security researchers warn that attacks are rapidly accelerating in recent days.

By David Jones • Jan. 23, 2024

CISA issues emergency directive for federal agencies to mitigate Ivanti vulnerabilities

Civilian agencies are under threat following a surge in nation-state linked exploitation of Ivanti Connect Secure and Ivanti Policy Secure devices.

By David Jones • Jan. 19, 2024

CISA’s 1,200 pre-ransomware alerts saved organizations millions in damages

The federal agency’s early warning system notified organizations across multiple critical infrastructure sectors of potential impending attacks.

By Matt Kapko • Jan. 19, 2024

Ivanti Connect Secure exploitation accelerates as Moody’s calls impact credit negative

A suspected state-linked hacker is manipulating an integrity tool used to check systems as customers still await an initial patch.

By David Jones • Jan. 19, 2024

Citrix warns of limited exploitation in a pair of Netscaler zero days

The company said the vulnerabilities are unrelated to CitrixBleed, but urged customers to immediately apply fixes to protect their systems.

By David Jones • Jan. 18, 2024

Progress Software shakes off MOVEit’s financial consequences, maintains customers

Executives described the file-transfer service as one of its stronger performing products and said customers remain loyal.

By Matt Kapko • Jan. 18, 2024

Ivanti Connect Secure exploitation accelerates, 1,700 devices compromised worldwide

Researchers warn additional threat actors are actively working to take advantage of two chained together vulnerabilities.

By David Jones • Jan. 17, 2024

Progress Software’s MOVEit meltdown: uncovering the fallout

Businesses use the file-transfer service because it checks the compliance boxes for keeping data safe. Though initial attacks were targeted, thousands of bystanding businesses were hit indiscriminately.

By Matt Kapko , Julia Himmel • Jan. 16, 2024

Ivanti Connect Secure attacks part of deliberate espionage operation

Researchers warn the previously unknown actor has developed custom malware designed to maintain persistent access on targeted networks and evade detection.

By David Jones • Jan. 12, 2024

Ivanti Connect Secure devices face active exploitation, patch schedule staggered

Unauthenticated attackers can take control of systems by exploiting the zero days, which a suspected state-linked threat actor is chaining together. 

By David Jones • Jan. 11, 2024

Apache OFBiz critical CVE leads to surge in exploitation attempts

A patch for a prior vulnerability failed to resolve the root cause of an issue, leading to additional threat activity.

By David Jones • Jan. 5, 2024

CISA seeks comment on secure by design principles to boost global software security

The agency issued an RFI seeking industry input on costs, how to incorporate security into higher education and how to reduce recurring security vulnerabilities.

By David Jones • Dec. 21, 2023

Comcast’s Xfinity discloses massive data breach linked to CitrixBleed vulnerability

The breach, involving 35.9 million customers, took place just a week after Citrix released a patch for a critical flaw.

By David Jones • Dec. 19, 2023

State-linked cyber actors behind SolarWinds plant seeds for new malicious campaign

U.S. authorities are raising alarms that the 2020 Sunburst attack threat actors are exploiting a CVE in JetBrains TeamCity in preparation for future supply chain compromises.

By David Jones • Dec. 15, 2023

CitrixBleed isn’t going away: Security experts struggle to control critical vulnerability

While officials echo urgent mitigation steps to contain the zero-day vulnerability, high-profile organizations continue to bear the impact.

By David Jones • Dec. 14, 2023

2 years on, Log4j still haunts the security community

Research from Veracode shows nearly 2 in 5 applications are still running vulnerable versions. 

By David Jones • Dec. 8, 2023

Progress Software discloses 2 new CVEs in MOVEit

The latest set of vulnerabilities in the file-transfer service brings the total number of disclosed CVEs to eight since a zero-day was widely exploited in late May.

By Matt Kapko • Dec. 7, 2023

CISA performance goals program trims exploited CVEs

Organizations enrolled in the agency’s vulnerability scanning program are showing improved security, but the reduction in exploitable internet-facing services is incremental.

By David Jones • Dec. 6, 2023

Dozens of credit unions confront outages linked to third-party ransomware attack

CitrixBleed ensnared another industry, leading to a network incident at Ongoing Operations, which provides business continuity services.

By Matt Kapko • Dec. 4, 2023

Yet again, threat actors exploit a critical file-transfer service CVE

File-transfer services are prime targets and vulnerabilities in the open source ownCloud mark the latest in a series of critical services under attack.

By Matt Kapko • Updated Dec. 1, 2023

CitrixBleed worries mount as nation state, criminal groups launch exploits

LockBit 3.0 affiliates targeted a unit of Boeing and federal authorities have alerted almost 300 organizations they are vulnerable to attack.

By David Jones • Nov. 22, 2023

5 Juniper CVEs actively exploited in the wild

The vendor warned the Junos OS vulnerabilities can be chained to remotely execute code.

By Matt Kapko • Nov. 15, 2023

File-transfer services, rich with sensitive data, are under attack

A trio of supply-chain attacks in 2023 created turmoil for thousands of corporate victims and their customers.

By Matt Kapko • Nov. 14, 2023

CitrixBleed sparks race to patch, hunt for malicious activity

CISA urged organizations to patch, mitigate and report any positive findings as Citrix NetScaler ADC and NetScaler Gateway users remain exposed to session hijack.

By David Jones • Nov. 8, 2023