August 7, 2024 at 06:42PM Progress Software’s handling of a MOVEit Transfer zero-day flaw, leading to data exposure of 95 million people, was investigated by the SEC. However, in a recent filing, the SEC’s Division of Enforcement will not recommend any enforcement action regarding the security incident. Progress Software still faces numerous class-action lawsuits despite … Read more
June 26, 2024 at 10:59AM Threat actors are actively exploiting a critical authentication bypass flaw in Progress MOVEit Transfer, enabling them to access sensitive data and manipulate file transfers. Exploitation attempts have been observed, with approximately 2,700 internet-exposed instances identified. Mitigation measures, security updates, and patches have been released, urging organizations to take immediate action. … Read more
November 10, 2023 at 11:24AM The State of Maine suffered a breach after threat actors exploited a vulnerability in the MOVEit file transfer tool. Approximately 1.3 million individuals’ personal information was accessed, including names, Social Security numbers, birth dates, driver’s licenses, and health insurance details. Maine’s Department of Health and Human Services and Department of Education were … Read more
November 9, 2023 at 06:09PM A new zero-day exploit has been discovered that uses a vulnerability in on-premises deployments of SysAid IT Support software to deploy Clop ransomware. Microsoft has announced the flaw and SysAid has issued a patch. The threat actor behind the exploit is Lace Tempest, known for deploying Clop ransomware. Enterprise teams … Read more
November 9, 2023 at 09:33AM Threat actors are exploiting a zero-day vulnerability in SysAid software to gain unauthorized access to corporate servers for data theft and ransomware deployment. The vulnerability, currently known as CVE-2023-47246, was used by a threat actor group called Lace Tempest to deploy Clop ransomware. SysAid has developed a patch and urges … Read more