enterprise security | Breaking Cybersecurity News | The Hacker News

A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135 and earlier. It has been addressed in version 5.1.6 build 139. "An SQL injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data," Fortra said in an advisory published Tuesday. "Likely impacts include creation of administrative users and deletion or modification of data in the application database." It also emphasized that successful unauthenticated exploitation requires a Workflow system with anonymous access enabled. Alternatively, it can also be abused by an authenticated user. Users who cannot apply the patches immediately can disable the vulnerable servlets – csv_servlet, pdf_servlet, xml_servlet, and json_servlet – in

A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following versions - From 2023.0.0 before 2023.0.11 From 2023.1.0 before 2023.1.6, and  From 2024.0.0 before 2024.0.2 "Improper authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass," the company said in an advisory released Tuesday. Progress has also addressed another critical SFTP-associated authentication bypass vulnerability (CVE-2024-5805, CVSS score: 9.1) affecting MOVEit Gateway version 2024.0.0. Successful exploitation of the flaws could allow attackers to bypass SFTP authentication and gain access to MOVEit Transfer and Gateway systems. watchTowr Labs has since published additional technical specifi

Want to know what's the latest and greatest in SecOps for 2024? Gartner's recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in this year's report: Threat Exposure Management, Exposure Assessment Platforms (EAP), and Adversarial Exposure Validation (AEV). These category definitions are aimed at providing some structure to the evolving landscape of exposure management technologies. Pentera, listed as a sample vendor in the newly defined AEV category, is playing a pivotal role in increasing the adoption of CTEM, with a focus on security validation. Following is our take on the CTEM related product categories and what they mean for enterprise security leaders. The Industry is Maturing CTEM, coined by Gartner in 2022, presents a structural approach for continuously assessing, prioritizing, validating, and remediating expo

Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console ( MMC ) and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact (" sccm-updater.msc ") that was uploaded to the VirusTotal malware scanning platform on June 6, 2024. "When a maliciously crafted console file is imported, a vulnerability in one of the MMC libraries can lead to running adversary code, including malware," the company said in a statement shared with The Hacker News. "Attackers can combine this technique with DotNetToJScript to gain arbitrary code execution, which can lead to unauthorized access, system takeover and more." The use of uncommon file types as a malware distribution vector is seen as an alternative attempt by adversaries to get around security guardrails erected

A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory transversal bug that could allow attackers to read sensitive files on the host machine. Affecting all versions of the software prior to and including Serv-U 15.4.2 HF 1, it was addressed by the company in version Serv-U 15.4.2 HF 2 (15.4.2.157) released earlier this month. The list of products susceptible to CVE-2024-28995 is below - Serv-U FTP Server 15.4 Serv-U Gateway 15.4 Serv-U MFT Server 15.4, and Serv-U File Server 15.4 Security researcher Hussein Daher of Web Immunify has been credited with discovering and reporting the flaw. Following the public disclosure, additional technical details and a proof-of-concept (PoC) exploit have since been made available. Cybersecurity firm Rapid7 described the vulnerability as trivial to exploit

Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of cybersecurity, according to a new survey released this month by the Cloud Security Alliance (CSA). Despite economic instability and major job cuts in 2023, organizations drastically increased investment in SaaS security. In fact, the survey found, enterprises added headcount to SaaS security in 2023, increasing SaaS security staff by 56%, as well as increasing budgets by 39%. Figure 1: How investment in SaaS security has shifted from 2022 to 2023 The fourth annual SaaS security survey , "2025 CISO Plans and Priorities," was conducted by the CSA and commissioned by SaaS security leader Adaptive Shield . A total of 478 global security professionals participated in the survey, across all verticals. The survey shares their perspective on SaaS security successes and challenges as CISOs prepare t

Threat actors are evolving, yet Cyber Threat Intelligence (CTI) remains confined to each isolated point solution. Organizations require a holistic analysis across external data, inbound and outbound threats and network activity. This will enable evaluating the true state of cybersecurity in the enterprise. Cato's Cyber Threat Research Lab (Cato CTRL, see more details below) has recently released its first SASE threat report , offering a comprehensive view of and insights into enterprise and network threats. This is based on Cato's capabilities to analyze networks extensively and granularly (see report sources below).  About the Report The SASE Threat Report covers threats across a strategic, tactical and operational standpoint, utilizing the MITRE ATT&CK framework. It includes malicious and suspicious activities, as well as the applications, protocols and tools running on the networks. The report is based on: Granular data on every traffic flow from every endpoint communica

Check Point is warning of a zero-day vulnerability in its Network Security gateway products that threat actors have exploited in the wild. Tracked as CVE-2024-24919 (CVSS score: 8.6), the issue impacts CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances. "The vulnerability potentially allows an attacker to read certain information on Internet-connected Gateways with remote access VPN or mobile access enabled," Check Point said . Hotfixes are available in the following versions - Quantum Security Gateway and CloudGuard Network Security Versions - R81.20, R81.10, R81, R80.40 Quantum Maestro and Quantum Scalable Chassis - R81.20, R81.10, R80.40, R80.30SP, R80.20SP Quantum Spark Gateways Version - R81.10.x, R80.20.x, R77.20.x The development comes days after the Israeli cybersecurity company warned of attacks targeting its VPN devices to infiltrate enterprise networks. "By May 24, 2024, we identi

Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as  CVE-2024-29849  (CVSS score: 9.8), the  vulnerability  could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user. The company has also disclosed three other shortcomings impacting the same product - CVE-2024-29850  (CVSS score: 8.8), which allows account takeover via NTLM relay CVE-2024-29851  (CVSS score: 7.2), which allows a privileged user to steal NTLM hashes of a Veeam Backup Enterprise Manager service account if it's not configured to run as the default Local System account CVE-2024-29852  (CVSS score: 2.7), which allows a privileged user to read backup session logs All the flaws have been addressed in version 12.1.2.172. However, Veeam noted that deploying Veeam Backup Enterprise Manager is o

While cloud adoption has been top of mind for many IT professionals for nearly a decade, it's only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move your virtual machines (VMs) to a public cloud provider – like Microsoft Azure – with relative ease. Transitioning from VMware vSphere to Microsoft Azure requires careful planning and execution to ensure a smooth migration process. In this guide, we'll walk through the steps involved in moving your virtualized infrastructure to the cloud giant, Microsoft Azure. Whether you're migrating your entire data center or specific workloads, these steps will help you navigate the transition effectively. 1. Assess Your Environment: Before diving into the migration process, assess your current VMware vSphere environment thoroughly. Identify all virtual machines (VMs), dependencies, and resource

A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control (C2) server  IP address  has been previously identified as associated with the malware. RedLine Stealer,  first documented  in March 2020, is typically delivered via email and malvertising campaigns, either directly or via  exploit kits  and loader malware like  dotRunpeX  and  HijackLoader . The off-the-shelf malware is capable of harvesting information from cryptocurrency wallets, VPN software, and web browsers, such as saved credentials, autocomplete data, credit card information, and geolocations based on the victims' IP addresses. Over the years, RedLine Stealer has been co-opted by several threat actors into their attack chains, making it a prevalent strain spanning North America, South America,

Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. "An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests," the company  said  in an advisory. The vulnerability, tracked as CVE-2023-48788, carries a CVSS rating of 9.3 out of a maximum of 10. It impacts the following versions - FortiClientEMS 7.2.0 through 7.2.2 (Upgrade to 7.2.3 or above) FortiClientEMS 7.0.1 through 7.0.10 (Upgrade to 7.0.11 or above) Horizon3.ai, which  plans  to release additional technical details and a proof-of-concept (PoC) exploit next week, said the shortcoming could be exploited to obtain remote code execution as SYSTEM on the server. Fortinet has credited Thiago Santana from the Forticlient

As threats grow and attack surfaces get more complex, companies continue to struggle with the multitude of tools they utilize to handle endpoint security and management. This can leave gaps in an enterprise's ability to identify devices that are accessing the network and in ensuring that those devices are compliant with security policies. These gaps are often seen in outdated spreadsheets that are used to track and manage asset inventory, configurations, vulnerabilities, and more. Ultimately, this increases organizational risk while stifling efficiency and productivity. That's why unified security and endpoint management has gained ground, as noted in  Gartner's Hype Cycle for Endpoint Security, 2022 . As part of the market's need to gain a clearer, real-time picture of their devices and security posture, Syxsense launched its Enterprise platform last year to address the three key elements of endpoint management and security: vulnerabilities, patch, and compliance. Ac

A pair of serious security defects has been disclosed in the Trusted Platform Module ( TPM ) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities,  CVE-2023-1017 , concerns an out-of-bounds write, while the other,  CVE-2023-1018 , is described as an out-of-bounds read. Credited with discovering and reporting the issues in November 2022 is cybersecurity company Quarkslab. "These vulnerabilities can be triggered from user-mode applications by sending malicious commands to a TPM 2.0 whose firmware is based on an affected TCG reference implementation," the Trusted Computing Group (TCG)  said  in an advisory. Large tech vendors, organizations using enterprise computers, servers, IoT devices, and embedded systems that include a TPM can be impacted by the flaws, Quarkslab  noted , adding they "could affect billions of devices." TPM is a hardware-based solution (i.e., a crypto-pro