MOVEit Transfer Flaws Push Security Defense Into a Race With Attackers

June 27, 2024 at 01:42PM Attackers have intensified attacks on Progress Software’s MOVEit file transfer application by exploiting new vulnerabilities, posing a significant threat to affected organizations. Despite available patches, organizations face challenges in quickly applying them due to the potential for adversaries to target their systems. A proof-of-concept exploit is in the wild, highlighting …

New MOVEit Transfer Vulnerability Under Active Exploitation – Patch ASAP!

June 26, 2024 at 11:21AM A critical security flaw CVE-2024-5806 impacting Progress Software MOVEit Transfer enables attackers to bypass SFTP authentication, with exploitation attempts already reported. Researchers emphasize risks and urge immediate action, including patching and restricting server access. The flaw affects numerous systems worldwide, making prompt updates essential. CISA also disclosed a recent cybersecurity …

Batten down the hatches, it’s time to patch some more MOVEit bugs

June 26, 2024 at 09:35AM Progress Software revealed new vulnerabilities affecting MOVEit Transfer and Gateway, including critical authentication bypass-style flaws with a severity score of 9.1. Last year’s breaches affected 2,773 organizations, prompting an embargo on the information until June 25 to allow for patching. The vulnerabilities could lead to file-less attacks and should be …

Exploitation Attempts Target New MOVEit Transfer Vulnerability

June 26, 2024 at 06:05AM Progress Software announced patches for two critical authentication bypass vulnerabilities affecting its MOVEit Transfer file transfer software. CVE-2024-5805 and CVE-2024-5806 were identified, with the latter already targeted by exploitation attempts. The company released patches for both, with further mitigations for CVE-2024-5806’s third-party component vulnerability, amid heightened security concerns. After reviewing …

Fresh MOVEit Bug Under Attack Mere Hours After Disclosure

June 25, 2024 at 05:59PM A critical security flaw in Progress Software’s MOVEit Transfer enables attackers to bypass authentication protocols and has been actively exploited shortly after being disclosed. The vulnerability, CVE-2024-5806 with CVSS 7.4, affects specific versions of MOVEit Transfer. Urgent patching is recommended due to the potential for cybercriminal exploitation and compromise of …

CISA Warns of Progress Telerik Vulnerability Exploitation

June 14, 2024 at 06:39AM CISA warns federal agencies of ongoing exploitation of CVE-2024-4358, a recently patched authentication bypass vulnerability in Progress Software’s Telerik Report Server. The bug allows attackers to create a new administrator user, manipulate authentication tokens, and achieve remote code execution. CISA urges identifying and mitigating vulnerable instances within three weeks. Key …

Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts

June 4, 2024 at 11:07AM Progress Software has released updates to address a critical security flaw in Telerik Report Server, allowing potential bypass of authentication and creation of rogue administrator users. Tracked as CVE-2024-4358, the flaw carries a high CVSS score of 9.8. Users are urged to update to version 2024 Q2 and review user …

Progress Patches Critical Vulnerability in Telerik Report Server

June 4, 2024 at 08:39AM A critical vulnerability (CVE-2024-4358, CVSS 9.8) in Progress Software’s Telerik Report Server allows remote attackers to bypass authentication, creating an admin user. An exploited deserialization flaw (CVE-2024-1800) enables remote code execution. Progress addressed both vulnerabilities in version 2024 Q1 (10.0.24.305). Users should update promptly to prevent exploitation. Based on the …

Exploit for critical Progress Telerik auth bypass released, patch now

June 3, 2024 at 02:01PM Researchers have demonstrated a chained remote code execution vulnerability on Progress Telerik Report Servers. The exploit, developed by Sina Kheirkhah with assistance from Soroush Dalili, involves an authentication bypass and deserialization issue. Urgent updates (Telerik Report Server 2024 Q2 10.1.24.514 or later) are recommended. Progress Software’s history warrants prompt action …

University System of Georgia Says 800,000 Impacted by MOVEit Hack

May 8, 2024 at 06:24AM The University System of Georgia informs 800,000 individuals about the compromise of their personal and financial data in the May 2023 MOVEit hack. The data breach, linked to a ransomware group, affects over 2,000 organizations and around 60 million individuals. USG is offering affected individuals one year of free credit …