Tag Archive for: File

Another Progress Software file transfer utility vulnerable


Progress Software, whose MOVEit file transfer software was the vector for a variety of attacks earlier this year, has disclosed critical vulnerabilities in another package – and one is already being exploited.


CVE-2023-40044 was discovered by two researchers from Assetnote, Shubham Shah and Sean Yeoh.

On October 1, they wrote that Progress Software’s WS_FTP package has a deserialisation vulnerability that affects “the entire Ad Hoc Transfer component” of the package.

In its advisory, Progress Software said: “In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialisation vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.”

However, Shah and Yeoh claimed that “the vulnerability could be triggered without any authentication”.

Assetnote said its scans revealed nearly 3000 hosts on the internet that matched the conditions for exploitation – they are running WS_FTP and they have an accessible web server, and most “belong to large enterprises, governments and educational institutions”.

Progress Software disclosed a number of other vulnerabilities in its advisory, including CVE-2023-42657, a critical-rated directory traversal bug that allows attackers to perform file operations (including deleting and renaming files and directories) on locations on the underlying operating system.


Ransomware File Decryptor Market 2031 Insights with Key Innovations Analysis


Over the forecast period, the global Ransomware File Decryptor market is anticipated to grow at a projected CAGR of X.X%. The market is anticipated to reach USD XX billion in value by 2031, propelled by increased demand for sophisticated security solutions and the expanding use of cloud-based services across a range of sectors. Furthermore, the development of artificial intelligence and machine learning technologies in the cybersecurity sector is projected to open up attractive opportunities for market participants. The adoption of strict governmental guidelines and compliance requirements is also anticipated to increase demand for cybersecurity solutions.


A complete analysis of the market as a whole, taking into consideration market size, rate of development, movements, and drivers, is provided in the report on the worldwide market for Ransomware File Decryptor. The key market participants, their competitive environment, and their growth strategies are also covered. The study also provides insights into different market segments based on product type, application, and location. In conclusion, this research is a useful tool for anyone trying to grasp the dynamics of the Ransomware File Decryptor industry and make wise business decisions. A competitive landscape detailing the major companies in the market and their tactics for holding onto their positions is also included in the report’s thorough study. With this knowledge, readers can better comprehend the competitive situation of the market and develop their own plans in line with it.

Key Players in the Ransomware File Decryptor market:

Kaspersky
AVG
Emsisoft
Trend Micro
Avast
Quick Heal
Trellix
No More Ransom
McAfee
WannaDecrypt
Wannakiwi
Darkside
Maureen Data Systems

Ransomware File Decryptor market Segmentation by Type:

Cloud-based
On-premises

Ransomware File Decryptor market Segmentation by Application:

SMEs
Large Enterprises


This worldwide Ransomware File Decryptor market study is a good investment for…


Mass Exploitation of Zero-Day Bug in MOVEit File Transfer Underway


A threat group with likely links to the financially motivated group known as FIN11 and other known adversaries is actively exploiting a critical zero-day vulnerability in Progress Software’s MOVEit Transfer app to steal data from organizations using the managed file transfer technology.

MOVEit Transfer is a managed file transfer app that organizations use to exchange sensitive data and large files both internally and externally. Organizations can deploy the software on-premises, or as infrastructure-as-a-service or as software-as-a-service in the cloud. Progress claims thousands of customers for MOVEit including major names such as Disney, Chase, BlueCross BlueShield, Geico, and Major League Baseball.

Researchers from Google’s Mandiant security group who are tracking the threat believe the exploit activity may well be a precursor to follow-on ransomware attacks on organizations that have fallen victim so far. A similar pattern played out earlier this year after an attacker exploited a zero-day flaw in Fortra’s GoAnywhere file transfer software to access customer systems and steal data from them.

The Microsoft Threat Intelligence team meanwhile said via Twitter today that it has attributed the attack to a baddie it calls “Lace Tempest,” which is a financially motivated threat and ransomware affiliate that has ties to not only FIN11, but also TA505, Evil Corp, and the Cl0p gang.

Data Theft Happening in Minutes

An initial investigation into the MOVEit Transfer attacks by Mandiant showed that the exploit activity began on May 27, or roughly four days before Progress disclosed the vulnerability and issued patches for all affected versions of the software. Mandiant has so far identified victims across multiple industry sectors located in Canada, India, and the US but believes the impact could be much broader.

“Following exploitation of the vulnerability, the threat actors are deploying a newly discovered LEMURLOOT Web shell with filenames that masquerade as human.aspx, which is a legitimate component of the MOVEit Transfer software,” Mandiant said in a blog post June 2.

The Web shell allows the attackers to issue commands for enumerating files and folders on a system running MOVEit…


Can Organizations Combat Malicious Password-Protected File Attacks?


Password-protected files are an intelligent way in which attackers are working to evade enterprise security defenses and infect endpoints. 

Not long ago, phishing attacks were nearly always delivered via email. However, today’s threat actors are increasingly targeting other channels – be it SMS, social media direct messaging and even collaboration tools – to evade common anti-malware engines, content filters and signature-based detection tools.

Across these varied platforms, password-protected files remain a common attack vector. Here, malicious payloads are hidden within seemingly benign, safe, and accepted file formats. Because the files are encrypted, security tools can’t read and analyze them. When this is done using commonly used file extensions, organizations often allow malicious files to pass through security sandboxes or automated analysis tools.

As a result, password-protected files containing malware are all too often able to evade network or gateway security defenses and endpoint detection solutions, reaching the threat actor’s target destination. Once this has been achieved, individuals are exposed to increasingly sophisticated and convincing social engineering and spear phishing tactics used by attackers to trick their targets into clicking on attachments and entering the required password, leading to infection of the endpoint. 

To reiterate, this no longer happens exclusively over email. Indeed, threat actors are increasingly directing potential victims to web browsers and external storage applications, such as Dropbox and Google Drive, to the same effect. 

Three Malicious Password-Protected File Attacks

Password-protected files have resulted in widespread breaches and made headlines recently – one example stemming from the North Korean Lazarus group.

Here, threat actors delivered malicious Office documents hidden in ZIP files as they targeted Russian organizations. When the intended victims clicked on these ZIP files, they would find themselves presented with what looked like a legitimate and indeed safe Word document.

However, this was used to launch macros and infect the target endpoint. Once this had been achieved, the…
