News – October 2023


  • Update on MOVEit Transfer SQL Injection Vulnerabilities: CVE-2023-34362, CVE-2023-35036 and CVE-2023-35708

    October 4, 2023

    Unit 42 researchers have added additional information on CVE-2023-34362, CVE-2023-35036 and CVE-2023-35708 vulnerabilities using data gathered from Advanced Threat Prevention. On May 31, Progress Software posted a notification alerting customers of a critical Structured Query Language injection (SQLi) vulnerability (CVE-2023-34362) in their MOVEit Transfer product. MOVEit Transfer is a managed file transfer (MFT) application intended to ...

  • CISA and NSA Release New Guidance on Identity and Access Management

    October 4, 2023

    Today, CISA and the National Security Agency (NSA) published Identity and Access Management: Developer and Vendor Challenges, authored by the Enduring Security Framework (ESF), a CISA- and NSA-led working panel that includes a public-private cross-sector partnership. ESF aims to address risks that threaten critical infrastructure and national security systems. This publication, which follows ESF’s Identity and ...

  • Lyca Mobile blames cyberattack for network disruption

    October 4, 2023

    U.K.-based mobile virtual network provider giant Lyca Mobile has confirmed a cyberattack that caused service disruption for millions of its customers. Lyca Mobile claims to be the world’s largest international mobile virtual network operator, or MVNO, which piggybacks off network operator EE’s infrastructure. Lyca confirmed in a statement this week that the security incident prevented customers ...

  • Kenya hit by record 860m cyber-attacks in a year

    October 3, 2023

    Kenya has witnessed an alarming surge in cyberattacks, with a staggering 860 million incidents recorded in the past year, according to the country’s communications regulator. The regulator has expressed concerns over the escalating frequency, sophistication, and scale of these cyber threats, particularly targeting Kenya’s critical information infrastructure. To put this into perspective, back in 2017, Kenya ...

  • Taiwan prosecutors investigating alleged submarine program leak

    October 3, 2023

    Prosecutors yesterday said they are investigating accusations of interference with the nation’s submarine program and that details of it were leaked, in what would be a serious breach of national security. Taiwan unveiled its first domestically developed submarine on Thursday last week, a major step in a project aimed at bolstering the nation’s defense and deterrence ...

  • IronNet, founded by former NSA director, shuts down and lays off staff

    October 3, 2023

    IronNet, a once-promising cybersecurity startup founded by a former NSA director and funded by cyber and defense investors, has shuttered and laid off its remaining staff following its collapse. In a regulatory filing published Friday, IronNet’s president and chief financial officer Cameron Pforr said the company had ceased all business activities as it prepares for ...

  • U.S. DoD’s Critical Infrastructure Is Dangerously Insecure

    October 2, 2023

    As simmering tensions in East Asia rise to a boil, the recent discovery of a Chinese penetration of the U.S. military’s telecommunication systems in Guam should be setting off alarm bells across the executive branch and in the halls of Congress. Though Chinese penetration of U.S. networks for espionage has been well documented for more than ...

  • CISA Adds One Known Exploited Vulnerability to Catalog

    October 2, 2023

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-5217 Google Chrome libvpx Heap Buffer Overflow Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency