Sophos – Page 40 – PossibleThreat Articles

Chrome and Edge zero-day: “This exploit is in the wild”, so check your versions now

June 7, 2023 0 Comments chrome, cve-2023-3079, Edge, Google, Google Chrome, Microsoft, Microsoft Edge, type confusion, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Tue, 06 Jun 2023 18:28:43 +0000

Chrome 0-day patched now, Edge patch coming soon.

Security Sophos

Update 1: Information on MOVEit Transfer and MOVEit Cloud Vulnerability CVE-2023-34362

June 6, 2023 0 Comments cve-2023-34362, dev-0950, Exploit, featured, fin11, moveit, progress software, ta505, threat research, vulnerability

Credit to Author: Christopher Budd| Date: Mon, 05 Jun 2023 21:50:09 +0000

Users of the file-transfer package should apply patches immediately and check for indications of possible compromise

Security Sophos

Chrome zero-day: “This exploit is in the wild”, so check your version now

June 6, 2023 0 Comments chrome, cve-2023-3079, Edge, Google, Google Chrome, Microsoft, Microsoft Edge, type confusion, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Tue, 06 Jun 2023 16:28:43 +0000

Chrome 0-day patched now, Edge patch coming soon.

Security Sophos

Information on MOVEit Transfer and MOVEit Cloud Vulnerability CVE-2023-34362

June 5, 2023 0 Comments cve-2023-34362, dev-0950, Exploit, fin11, moveit, progress software, ta505, threat research, vulnerability

Credit to Author: Christopher Budd| Date: Mon, 05 Jun 2023 21:50:09 +0000

Users of the file-transfer package should apply patches immediately and check for indications of possible compromise

Security Sophos

MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…

June 5, 2023 0 Comments cve-2023-34362, data loss, moveit, progress, Ransomware, vulnerability

Credit to Author: Paul Ducklin| Date: Mon, 05 Jun 2023 17:59:29 +0000

Little Bobby Tables is back!

Security Sophos

Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards

June 2, 2023 0 Comments firmware, gigabyte, vulnerability, wpbt

Credit to Author: Paul Ducklin| Date: Fri, 02 Jun 2023 13:56:58 +0000

It’s a backdoor, Jim, but not as we know it… here’s a sober look at this issue.

Security Sophos

S3 Ep137: 16th century crypto skullduggery

June 1, 2023 0 Comments bust, Crypto, Cryptography, cve-2023-32784, Cybercrime, data loss, keepass, Law & order, oauth, Podcast, Ransomware, vulnerability

Credit to Author: Paul Ducklin| Date: Thu, 01 Jun 2023 16:45:58 +0000

Lots to learn, clearly explained in plain English… listen now! (Full transcript inside.)

Security Sophos

Serious Security: That KeePass “master password crack”, and what we can learn from it

May 31, 2023 0 Comments cve-2023-32784, data loss, keepass, memory management, ram scraping, serious security

Credit to Author: Paul Ducklin| Date: Wed, 31 May 2023 17:39:00 +0000

Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don’t panic.)

Security Sophos

Sophos NDR Live Discover reports are now available

May 30, 2023 0 Comments ndr, products & services, security operations

Credit to Author: Karl Ackerman| Date: Wed, 31 May 2023 02:14:04 +0000

These new queries and reports are available for free to all licensed NDR customers.

Security Sophos

Serious Security: Verification is vital – examining an OAUTH login bug

May 30, 2023 0 Comments cve-2023-28131, data loss, expo, oauth, vulnerability

Credit to Author: Paul Ducklin| Date: Tue, 30 May 2023 16:59:21 +0000

What good is a popup asking for your approval if an attacker can bypass it simply by suppressing it?