 June 26, 2024
LATEST SECURITY NEWS & COMMENTARY
Fresh MOVEit Bug Under Attack Mere Hours After Disclosure
The high-severity CVE-2024-5806 allows cyberattackers to authenticate to the file-transfer platform as any valid user, with accompanying privileges.
Threat Actor May Have Accessed Sensitive Info on CISA Chemical App
An unknown adversary compromised a CISA app containing the data via a vulnerability in the Ivanti Connect Secure appliance this January.
'ChamelGang' APT Disguises Espionage Activities With Ransomware
The China-nexus cyber-threat actor has been operating since at least 2019 and has notched victims in multiple countries.
WordPress Supply Chain Attack Spreads Across Multiple Plug-ins
Injected malicious JavaScript code gives attackers administrator rights on websites, and fills sites with SEO spam.
Key Takeaways From the British Library Cyberattack
Knowledge institutions with legacy infrastructure, limited resources, and digitized intellectual property must protect themselves from sophisticated and destructive cyberattacks.
(Sponsored Article) A Watershed Moment for Threat Detection and Response
Cloud attackers are outpacing the capabilities of endpoint detection and response, so organizations must transition to more advanced cloud detection and response.
HOT TOPICS
'P2PInfect' Worm Grows Teeth With Miner, Ransomware & Rootkit
For a while, the botnet spread but did essentially nothing. All the malicious payloads came well after.

The NYSE's $10M Wake-up Call
The settlement between the SEC and the owner of the New York Stock Exchange is a critical reminder of the vulnerabilities within financial institutions' cybersecurity frameworks as well as the importance of regulatory oversight.

Multifactor Authentication Is Not Enough to Protect Cloud Data
Ticketmaster, Santander Bank, and other large firms have suffered data leaks from a large cloud-based service, underscoring that companies need to pay attention to authentication.

CISO Corner: Critical Infrastructure Misinformation; France's Atos Bid
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Inside China's civilian hacker army; outer space threats; and NIST 2.0 Framework secrets for success.

Understanding Security's New Blind Spot: Shadow Engineering
In the rush to digital transformation, many organizations are exposed to security risks associated with citizen developer applications without even knowing it.

EDITORS' CHOICE
CDK Attack: Why Contingency Planning Is Critical for SaaS Customers
Daily operations at some 15,000 automotive dealers remain impacted as CDK works to restore its dealer management system, following what appears to be a ransomware attack last week.
LATEST FROM THE EDGE

How Cybersecurity Can Steer Organizations Toward Sustainability
By integrating environmental initiatives, social responsibility, and governance into their strategies, security helps advance ESG goals.
LATEST FROM DR TECHNOLOGY

What Building Application Security Into Shadow IT Looks Like
AppSec is hard for traditional software development, let alone citizen developers. So how did two people resolve 70,000 vulnerabilities in three months?
LATEST FROM DR GLOBAL

Indonesia Refuses to Pay $8M Ransom After Cyberattack
More than 200 regional and national government agencies have been impacted by the ransomware attack, and few of them are once again operational.
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA