Pulse of Truth

Multiple vulnerabilities have been discovered in MOVEit products, which could allow for authentication bypass.

MOVEit Gateway acts as a proxy between inbound connections from the public network and your internal trusted network. MOVEit Transfer is a secure managed file transfer application.

Successful exploitation of these vulnerabilities could allow for an attacker to bypass authentication. An attacker could then view, change, or delete data; or create new accounts with full user rights.

Microsoft vows to make more changes facing EU fine over Teams bundling.

The FBI is warning of cybercriminals posing as law firms and lawyers that offer cryptocurrency recovery services to victims of investment scams and steal funds and personal information. [...]

As originally reported by Forbes, due to a high-severity vulnerability, Google has warned federal employees to update their Pixel devices before 4th July, or else they should stop using the device. This warning—CVE-2024-32896—is a part of the Known Exploited Vulnerabilities (KEV) catalog managed by CISA (Cybersecurity…Read more...

'Congress has effectively gutted it as part of a backroom deal' Analysis  Introduced in April, the American Privacy Rights Act (APRA) was - in the words of its drafters - "the best opportunity we’ve had in decades to establish a national data privacy and security standard that gives people the right to control their personal information."…

Comments

WikiLeaks co-founder Julian Assange has been released from prison in the UK and will be allowed to return to his home country of Australia after he pleads guilty to illegally disseminating national security material in the U.S., according to a surprising new report from NBC News. Read more...

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the attacker-controlled server," Wordfence security researcher Chloe Chamberland said in a Monday alert.

Ransomware group reportedly told the U.S. government that it has until tomorrow to negotiate a deal or they will make the data public.

The Windows ecosystem was traditionally designed to treat users fairly, offering unprecedented openness and software backward compatibility that turned a "simple" OS into a major force in the technology and computing world. However, fairness, compatibility, and openness are now somewhat obsolete concepts, as Big Tech proactively harvest users' data to...Read Entire Article

Clothing company Levi Strauss said some 72,000 customer accounts have come under attack from threat actors.

Four Vietnamese nationals linked to the international cybercrime group FIN9 have been indicted for their involvement in a series of computer intrusions that caused over $71 million in losses to companies in the U.S. [...]

Threat actors breached 1,590 cryptocurrency wallets of the cryptocurrency portfolio management and tracking platform CoinStats. The cryptocurrency portfolio management and tracking platform CoinStats suffered a massive security breach. Alleged North Korea threat actors have compromised 1,590 cryptocurrency wallets. CoinStats allows users to monitor their cryptocurrency holdings across various exchanges and wallets in a single platform. […]

AppSec is hard for traditional software development, let alone citizen developers. So how did two people resolve 70,000 vulnerabilities in three months?

Comments

About a thousand vulnerable instances still exposed online, we're told A now-patched vulnerability in Ollama – a popular open source project for running LLMs – can lead to remote code execution, according to flaw finders who warned that upwards of 1,000 vulnerable instances remain exposed to the internet.…

Disrupting immigration checks.

CISA is warning that its Chemical Security Assessment Tool (CSAT) environment was breached in January after hackers deployed a webshell on its Ivanti device, potentially exposing sensitive security assessments and plans. [...]

The company’s App Store policies are illegal under the European Union’s Digital Markets Act, according to regulators in Brussels.

Organizations continue to struggle in detecting breaches as they become more targeted and sophisticated, with more than 1 out of 3 organizations citing their existing security tools were unable to detect breaches when they occur, according to Gigamon. As hybrid cloud environments grow in complexity and bad actors launch a barrage of unseen attacks, 65% of respondents believe that their existing solutions cannot effectively detect breaches. Organizations struggle in detecting breaches Security and IT leaders … More → The post 1 out of 3 breaches go undetected appeared first on Help Net Security.

Earlier this year Europcar discovered a hacker selling info on its 50 million customers on the dark web. The European car rental company immediately launched an investigation, only to discover that the data being sold was completely doctored, possibly using generative AI. Why fake a data breach? The most obvious reason why hackers are selling fake data is because there is money to be made. When you think of it, it is like a criminal … More → The post Why are threat actors faking data breaches? appeared first on Help Net Security.

Notorious cybercriminal Intelbroker has made another eyebrow-raising claim on dark web forum BreachForums following its report of breaking into AMD last week. A day later, the group said it also compromised Apple, stealing its source code for internal tools, including AppleConnect-SSO, Apple-HWE-Confluence-Advanced, and AppleMacroPlugin, as well as employees' personally identifiable...Read Entire Article