Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Read also: Multiple firms impacted in the widespread MOVEit hacking spree, a hack drains at least $35M in crypto from Atomic Wallet users, and more.

An attack exploiting CVE-2023-34362, a zero-day vulnerability in the MOVEit file transfer software, was disclosed at the start of June, with additional victims still being uncovered. The vulnerability is an SQL injection vulnerability that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. The attack was carried out by at least one threat who gained unauthorized access to the software and stole sensitive data from affected organizations.

The latest video in our Snyk Partner Speak Series showcases how Snyk and Dynatrace bring complementary capabilities to different parts of the DevSecOps lifecycle. Check it out and learn how the integration enables organizations to observe, investigate, fix, and govern with a single solution. The Snyk DevSecOps Lifecycle Coverage App is the newest milestone in the Snyk and Dynatrace strategic alliance.

On June 7th, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory highlighting the recent efforts of threat actors to disseminate CL0P ransomware. The various malicious indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) being leveraged by the threat actors are listed in US-CERT Alert (AA23-158A) – CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability.

NOTE: The MOVEit Transfer vulnerability remains under active exploitation, and Kroll experts are investigating. Expect frequent updates to the Kroll Cyber Risk blog as our team uncovers more details. On June 5, 2023, the Clop ransomware group publicly claimed responsibility for exploitation of a zero-day vulnerability in the MOVEit Transfer secure file transfer web application (CVE-2023-34362).

Improved BlackCat ransomware variant strikes with lightning speed in stealthier attacks, Microsoft finds a macOS bug that lets hackers bypass SIP root restrictions, and Dark Pink hackers continue to target government and military organizations.

As the cyber threat landscape continues to evolve, you know there’s a growing need to ensure applications and software are protected from malicious actors. A holistic and intelligent approach to threat and vulnerability management is essential for ensuring security against modern cyber risk. By leveraging AI-powered tools, especially for tasks like remediating security flaws, you can manage and reduce risk quickly and effectively.