Censys | Breaking Cybersecurity News | The Hacker News

Progress Software on Thursday  disclosed  a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies. The  new flaw , which is being tracked as CVE-2023-35708 , also concerns an SQL injection vulnerability that "could lead to escalated privileges and potential unauthorized access to the environment." The company is urging its customers to disable all HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443 to safeguard their environments while a fix is being prepared to address the weakness. The cloud managed file transfer solution has been fully patched. The revelation comes a week after Progress  divulged  another set of SQL injection vulnerabilities ( CVE-2023-35036 ) that it said could be weaponized to access the application's database content. The vulnerabilities join  CVE-2023-34362 , which was  exploited  as a zero-day by the Clop ransomware gang in data theft attacks

More than 500 hosts have been newly compromised en masse by the ESXiArgs ransomware strain, most of which are located in France, Germany, the Netherlands, the U.K., and Ukraine. The  findings  come from attack surface management firm Censys, which  discovered  "two hosts with strikingly similar ransom notes dating back to mid-October 2022, just after ESXi versions 6.5 and 6.7 reached end of life." The first set of infections dates back to October 12, 2022, much earlier than when the campaign  began to gain traction  at the start of February 2023. Then on January 31, 2023, the ransom notes on the two hosts are said to have been updated with a revised version that matches the ones used in the current wave. Some of the crucial differences between the two ransom notes include the use of an onion URL instead of a Tox chat ID, a Proton Mail address at the bottom of the note, and a lower ransom demand (1.05 Bitcoin vs. 2.09 Bitcoin). "Each variant of the ransom notes from

As cloud technology evolves, so does the challenge of securing sensitive data. In a world where data duplication and sprawl are common, organizations face increased risks of non-compliance and unauthorized data breaches. Sentra's DSPM (Data Security Posture Management) emerges as a comprehensive solution, offering continuous discovery and accurate classification of sensitive data in the cloud. This informative webinar, " Securing Sensitive Data Starts with Discovery and Classification: SoFi's DSPM Story " unveils the success story of SoFi, a pioneering cloud-native financial services provider, and its journey with Sentra's DSPM. It explores the challenges and triumphs in securing cloud data and a roadmap to implementing effective DSPM strategies in your organization. Expert Panel: Aviv Zisso:  As Director of Customer Success at Sentra, Aviv brings deep insights into data security needs and solutions. Pritam H Mungse:  SoFi's Director of Product Security, Pr

A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That's according to attack surface management platform Censys, which  found  only 26 out of a total of 6,427 servers to be running a  patched version  of Cacti (1.2.23 and 1.3.0). The  issue  in question relates to  CVE-2022-46169  (CVSS score: 9.8), a combination of authentication bypass and command injection that enables an unauthenticated user to execute arbitrary code on an affected version of the open-source, web-based monitoring solution. Details about the flaw, which impacts versions 1.2.22 and below, were first revealed by SonarSource. The flaw was reported to the project maintainers on December 2, 2022. "A hostname-based authorization check is not implemented safely for most installations of Cacti," SonarSource researcher Stefan Schiller  noted  earlier this month, adding "uns