MOVEit MFT 0-day Vulnerability is Used to Steal Corporate Data
The MOVEit managed file transfer (MFT) solution appears to contain a 0-day vulnerability that hackers are already exploiting. Progress, the developer of the software, has already released a note and security advisory regarding the case. What is MOVEit MFT? MOVEit is a software solution that allows convenient and secure data transfer inside the organisation. The product under…
Tag: Exploit
New SLP Vulnerability Allows 2200x DDoS Amplification
A recently discovered vulnerability in SLP, a legacy network protocol, can be used to drastically increase the efficiency of DDoS attacks. According to researchers, exploiting the SLP vulnerability can push the amplification factor of an attack up to 2200 times, an unprecedented level. What is SLP? First of all, let’s clear things up. SLP, or Service…
Ransomware Actors Target IBM’s Aspera Faspex
The file transfer utility Aspera Faspex, developed by IBM, has become a workhorse for cybercriminals. A vulnerability discovered in the past year is exploited to deploy various ransomware samples. Key threat actors using that breach are IceFire, Shadowserver and Buhti. The issue allows arbitrary code execution and affects all app versions before Faspex 4.4.2 PL2. What…
The aCropalypse Vulnerability Poses a Threat Not Only to Pixel, but Also to Windows
Information security experts have discovered that the aCropalypse vulnerability, which allows restoring the original image edited on a Google Pixel device (using the Markup tool), is turning into a 0-day for Windows. Let me remind you that we also wrote that YouTube Video Causes Pixel Smartphones to Reboot, and also that Information Security Specialists Discovered…
Researcher Publishes RCE Exploit for Critical Vulnerability in Microsoft Word
A proof-of-concept exploit for the CVE-2023-21716 vulnerability in a Microsoft Office product, namely Microsoft Word, has emerged online. This issue has been rated 9.8 out of 10 on the CVSS Vulnerability Scoring Scale and can be used for remote code execution attacks via a malicious RTF file. Let me remind you that we also wrote…
Hackers Published an Exploit for a Dangerous Vulnerability in GoAnywhere MFT
Hackers have published online an exploit for a zero-day vulnerability in the GoAnywhere MFT administration console that is being actively exploited. Fortra, the company behind GoAnywhere MFT, was forced to release an emergency patch to fix this bug. Let me remind you that we also reported that Exploits for Vulnerabilities in Three Popular WordPress…
Dangerous RCE Vulnerability in GTA Online Fixed
Rockstar Games has finally released a patch for a dangerous RCE vulnerability in GTA Online that allowed loss of game progress, theft of game money, a ban and other unpleasant consequences. The bug also threatened remote arbitrary code execution on any PC running the game. You might also be interested in reading about 5 Dangers…
Cybersecurity Specialists Advise Players Not to Enter Grand Theft Auto (GTA) Online due to a Dangerous Bug
Players of the PC version of Grand Theft Auto (GTA) Online are alarmed, as a vulnerability has been discovered in the game that can lead to the loss of game progress, theft of game money, a ban and other unpleasant consequences. Modders warn that an exploit for this problem will allow remote code execution through…
Exploits for Vulnerabilities in Three Popular WordPress Plugins Appeared on the Network
Three popular WordPress plugins, with tens of thousands of active installations, have all turned out to have critical SQL injection vulnerabilities. In addition, PoC exploits for these bugs are now publicly available. The vulnerabilities were discovered by Tenable, who notified WordPress developers about them back in mid-December 2022, providing them with proof-of-concept exploits. Currently, plugin…
Android Devices Can Be Monitored Using Motion Sensors
A group of scientists from five American universities has developed a side-channel attack, EarSpy, that can be used to eavesdrop on Android devices: recognizing the gender and identity of the caller, and also partially parsing the contents of the conversation. Eavesdropping can be carried out using motion sensors that are able to capture the reverberation…