Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software

In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTPS POST request. [TechWeb]( Follow Dark Reading: [RSS]( October 02, 2023 LATEST SECURITY NEWS & COMMENTARY [Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software]( In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTPS POST request. [DHS: Physical Security a Concern in Johnson Controls Cyberattack]( An internal memo cites DHS floor plans that could have been accessed in the breach. [Cybersecurity Gaps Plague US State Department, GAO Report Warns]( The federal department that oversees the US diplomatic corps abroad suffers a serious lack of visibility into the cyber threats it faces and the security vulnerabilities it's harboring. [Spyware Vendor Targets Egyptian Orgs With Rare iOS Exploit Chain]( The Israeli company developed highly-targeted, mobile malware that would make any APT jealous. [People Still Matter in Cybersecurity Management]( Cybersecurity's constant stream of shiny new things shouldn't distract managers from their focus on the people they're protecting. [Attacks on Azerbaijan Businesses Drop Malware via Fake Image Files]( Images purporting to be of the Armenia and Azerbaijan conflict were malware downloaders in disguise. [(Sponsored Article) Evaluating New Partners and Vendors From an Identity Security Perspective]( Before working with new vendors, it's important to understand the potential risks they may pose to your digital environments. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Johnson Controls International Disrupted by Major Cyberattack]( The company filed with the SEC and is assessing its operations and financial damages. [New Cisco IOS Zero-Day Delivers a Double Punch]( The networking giant discloses new vulnerabilities the same day as warnings get issued that Cisco gear has been targeted in a Chinese APT attack. [How the Okta Cross-Tenant Impersonation Attacks Succeeded]( Sophisticated attacks on MGM and Caesars underscore the reality that even robust identity and access management may not be enough to protect you. [4 Legal Surprises You May Encounter After a Cybersecurity Incident]( Many organizations are not prepared to respond to all the constituencies that come knocking after a breach or ransomware incident. [MORE]( EDITORS' CHOICE [Government Shutdown Poised to Stress Nation's Cybersecurity Supply Chain]( CISA announces it will furlough more than 80% of staff indefinitely if Congress can't reach an agreement to fund the federal government. LATEST FROM THE EDGE [How Can Your Security Team Help Developers Shift Left?]( Implementing a shift-left process in cybersecurity requires pulling together people, processes, and technology. LATEST FROM DR TECHNOLGY [A Preview of Windows 11's Passkeys Support]( The latest update to Windows 11 introduces support for passkeys, which provide phishing-resistant passwordless authentication. LATEST FROM DR GLOBAL [Q&A: UK Ambassador on Creating New Cybersecurity Agencies Around the World]( How the UK is assisting other nations in forming their own versions of a National Centre for Cybersecurity (NCSC). WEBINARS - [Fundamentals of a Cyber Risk Assessment]( Executives are increasingly thinking about cyberattacks and security threats in terms of risk to their organization. It can be difficult for organizations to quantitatively measure risk, or to assess how an attack or breach would impact the business. In this ... - [Using AI in Application Security Tooling]( As AI continues to improve, security vendors are considering how they can use AI to protect applications. In web application and API security tooling used to protect production environments, AI/ML can be used to enhance and complement existing tactics ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Threat Intelligence: Data, People and Processes]( - [Global Perspectives on Threat Intelligence]( - [Crucial Considerations when Enabling Secure Industrial Digital Transformation]( - [2023 Work-From-Anywhere Global Study]( - [The Ultimate Guide to the CISSP]( - [Rediscovering Your Identity]( - [Cybersecurity in a post pandemic world: A focus on financial services]( [View More White Papers >>]( FEATURED REPORTS - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... - [Everything You Need to Know About DNS Attacks]( - [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Radiant Logic Announces Expanded Identity Analytics and Data Management Platform Capabilities]( [Fortinet Announces Formation of Veterans Program Advisory Council to Narrow the Cybersecurity Skills Gap With Military Veteran Talent]( [Netscout Identified Nearly 7.9M DDOS Attacks in the First Half of 2023]( [Research From IANS and Artico Search Reveals Cybersecurity Budgets Increased Just 6% for 2022-2023 Cycle]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How to Deploy Zero Trust for Remote Workforce Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=118496&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_10.02.23&sp_cid=49982&utm_content=DR_NL_Dark%20Reading%20Daily_10.02.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#3f If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)