On June 1, Progress Software (Progress) announced it had identified a vulnerability in its MOVEit File Transfer Tool. The vulnerability allowed cybercriminals to exploit a critical SQL injection that could lead to escalated privileges and potential unauthorized access to the environment.
Summer of 2020 was coined the "Summer of Ransomware", but are we about to have a second summer of ransomware in 2023?
Silicon Valley Bank (SVB) was shuttered early this month and had its deposits seized in the largest U.S. bank failure since the 2008 financial crisis. Although it may seem like SVB’s collapse will only impact its direct customers and depositors, it is far more complicated. Like vultures to roadkill, cyber scammers often wait to exploit and target victims after tragedy strikes, or bad news arises. A perfect storm of stress, uncertainty, and urgency for customers and vendors alike during this time can impair someone’s judgement when they click links and open emails they otherwise would ignore or delete. Fortalice has outlined a few different ways cybercriminals social engineer their victims during times of extreme distress and insecurity.
Buyer beware: Scammers have set up shop on Facebook. Here's how to avoid falling victim to some common Facebook Marketplace scams.
Fortalice's Threat and Incident Response Team is providing this advisory video to partners on recent developments associated with the HAFNIUM Threat Activity and Microsoft Exchange. The information is current as of March 2021.
The notification provided to Mimecast from Microsoft indicated that several certificates issued by Mimecast had been compromised by a sophisticated threat actor.