Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls – Patch Now!

Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls – Patch Now!,

Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution.
The vulnerability, tracked as CVE-2023-27997, is « reachable pre-authentication, on every SSL VPN appliance, » Lexfo Security researcher Charles Fol, who discovered and reported the flaw, said in a tweet over the weekend.
Details

,

Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution.
The vulnerability, tracked as CVE-2023-27997, is « reachable pre-authentication, on every SSL VPN appliance, » Lexfo Security researcher Charles Fol, who discovered and reported the flaw, said in a tweet over the weekend.
Details

, ,
https://thehackernews.com/2023/06/critical-rce-flaw-discovered-in.html

Apple’s Safari Private Browsing Now Automatically Removes Tracking Parameters in URLs

Apple’s Safari Private Browsing Now Automatically Removes Tracking Parameters in URLs

,

Apple is introducing major updates to Safari Private Browsing, offering users better protections against third-party trackers as they browse the web.
« Advanced tracking and fingerprinting protections go even further to help prevent websites from using the latest techniques to track or identify a user’s device, » the iPhone maker said.
« Private Browsing now locks when not in use, allowing a user

,

Apple is introducing major updates to Safari Private Browsing, offering users better protections against third-party trackers as they browse the web.
« Advanced tracking and fingerprinting protections go even further to help prevent websites from using the latest techniques to track or identify a user’s device, » the iPhone maker said.
« Private Browsing now locks when not in use, allowing a user

, ,
https://thehackernews.com/2023/06/apples-safari-private-browsing-now.html

New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies

New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies,

Vietnamese public companies have been targeted as part of an ongoing campaign that deploys a novel backdoor called SPECTRALVIPER.
« SPECTRALVIPER is a heavily obfuscated, previously undisclosed, x64 backdoor that brings PE loading and injection, file upload and download, file and directory manipulation, and token impersonation capabilities, » Elastic Security Labs said in a Friday report.
The

,

Vietnamese public companies have been targeted as part of an ongoing campaign that deploys a novel backdoor called SPECTRALVIPER.
« SPECTRALVIPER is a heavily obfuscated, previously undisclosed, x64 backdoor that brings PE loading and injection, file upload and download, file and directory manipulation, and token impersonation capabilities, » Elastic Security Labs said in a Friday report.
The

, ,
https://thehackernews.com/2023/06/new-spectralviper-backdoor-targeting.html

New Critical MOVEit Transfer SQL Injection Vulnerabilities Discovered – Patch Now!

New Critical MOVEit Transfer SQL Injection Vulnerabilities Discovered – Patch Now!,

Progress Software, the company behind the MOVEit Transfer application, has released patches to address brand new SQL injection vulnerabilities affecting the file transfer solution that could enable the theft of sensitive information.
« Multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain

,

Progress Software, the company behind the MOVEit Transfer application, has released patches to address brand new SQL injection vulnerabilities affecting the file transfer solution that could enable the theft of sensitive information.
« Multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain

, ,
https://thehackernews.com/2023/06/new-critical-moveit-transfer-sql.html

Microsoft Uncovers Banking AitM Phishing and BEC Attacks Targeting Financial Giants

Microsoft Uncovers Banking AitM Phishing and BEC Attacks Targeting Financial Giants,

Banking and financial services organizations are the targets of a new multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attack, Microsoft has revealed.
« The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC activity spanning multiple organizations, » the tech giant disclosed in a Thursday

,

Banking and financial services organizations are the targets of a new multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attack, Microsoft has revealed.
« The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC activity spanning multiple organizations, » the tech giant disclosed in a Thursday

, ,
https://thehackernews.com/2023/06/microsoft-uncovers-banking-aitm.html

Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions

Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions,

The threat actor known as Asylum Ambuscade has been observed straddling cybercrime and cyber espionage operations since at least early 2020.
« It is a crimeware group that targets bank customers and cryptocurrency traders in various regions, including North America and Europe, » ESET said in an analysis published Thursday. « Asylum Ambuscade also does espionage against government entities in Europe

,

The threat actor known as Asylum Ambuscade has been observed straddling cybercrime and cyber espionage operations since at least early 2020.
« It is a crimeware group that targets bank customers and cryptocurrency traders in various regions, including North America and Europe, » ESET said in an analysis published Thursday. « Asylum Ambuscade also does espionage against government entities in Europe

, ,
https://thehackernews.com/2023/06/asylum-ambuscade-cybercrime-group-with.html

5 Reasons Why Access Management is the Key to Securing the Modern Workplace

5 Reasons Why Access Management is the Key to Securing the Modern Workplace,

The way we work has undergone a dramatic transformation in recent years. We now operate within digital ecosystems, where remote work and the reliance on a multitude of digital tools is the norm rather than the exception. This shift – as you likely know from your own life – has led to superhuman levels of productivity that we wouldn’t ever want to give up. But moving fast comes at a cost. And for

,

The way we work has undergone a dramatic transformation in recent years. We now operate within digital ecosystems, where remote work and the reliance on a multitude of digital tools is the norm rather than the exception. This shift – as you likely know from your own life – has led to superhuman levels of productivity that we wouldn’t ever want to give up. But moving fast comes at a cost. And for

, ,
https://thehackernews.com/2023/06/5-reasons-why-access-management-is-key.html

Stealth Soldier: A New Custom Backdoor Targets North Africa with Espionage Attacks

Stealth Soldier: A New Custom Backdoor Targets North Africa with Espionage Attacks,

A new custom backdoor dubbed Stealth Soldier has been deployed as part of a set of highly-targeted espionage attacks in North Africa.
« Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions such as file exfiltration, screen and microphone recording, keystroke logging and stealing browser information, » cybersecurity company Check Point said in a

,

A new custom backdoor dubbed Stealth Soldier has been deployed as part of a set of highly-targeted espionage attacks in North Africa.
« Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions such as file exfiltration, screen and microphone recording, keystroke logging and stealing browser information, » cybersecurity company Check Point said in a

, ,
https://thehackernews.com/2023/06/stealth-soldier-new-custom-backdoor.html

Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation

Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation,

Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems.
The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k component.
« An attacker who successfully exploited this vulnerability could gain

,

Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems.
The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k component.
« An attacker who successfully exploited this vulnerability could gain

, ,
https://thehackernews.com/2023/06/experts-unveil-poc-exploit-for-recent.html

Clop Ransomware Gang Likely Exploiting MOVEit Transfer Vulnerability Since 2021

Clop Ransomware Gang Likely Exploiting MOVEit Transfer Vulnerability Since 2021,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software’s MOVEit Transfer application to drop ransomware.
« The Cl0p Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection

,

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software’s MOVEit Transfer application to drop ransomware.
« The Cl0p Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection

, ,
https://thehackernews.com/2023/06/clop-ransomware-gang-likely-exploiting.html