Weekly Digest Week 24 – 2023

Publication date: 16.06.2023

Featured Story

MOVEit Mayhem 3: “Disable HTTP and HTTPS Traffic Immediately”

Progress Software has disclosed another critical zero-day vulnerability in MOVEit Transfer, urging users to disable HTTP and HTTPS traffic immediately. This is the third major flaw disclosed in quick succession. While cloud environments have been patched, administrators of on-premises systems must act urgently.

Until patched, Progress advises disabling traffic on ports 80 and 443, which will temporarily disable several MOVEit services including APIs and web UI access.

SOC Analysis:
This wave of 0-days affecting MOVEit continues to have global impact. Follow the vendor’s mitigation guidance and update as soon as patches are available. Our SOC can assist with threat hunting, patch validation, and firewall rule assessments.

Other Stories

Microsoft Patch Tuesday for June 2023 Fixes 6 Critical Flaws

Microsoft released patches for 69 vulnerabilities this month, including six critical ones. Affected products include Windows, Office, Exchange, Teams, Edge, SharePoint, and more. No zero-days were disclosed this cycle, but several high-severity flaws are notable.

SOC Analysis:
Even without zero-days, these patches are important. Delayed patching remains a common root cause in breaches. Our SOC team offers patch validation services and prioritization strategies based on asset exposure.

Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls

Fortinet has patched CVE-2023-27997 — a critical remote code execution vulnerability affecting SSL VPNs. The flaw is exploitable pre-authentication and potentially bypasses MFA. Immediate patching is strongly recommended.

SOC Analysis:
If patching is delayed, disable SSL VPN as a temporary workaround. Our SOC team can support vulnerability scanning, risk assessment, and SSL service exposure reviews.

New Scam Alert: “Your iCloud Space is Full”

More than 3,800 phishing reports were filed last week about scam emails pretending to come from iCloud. Victims are urged to click a link and purchase additional storage — leading to fake payment portals designed to steal banking credentials.

SOC Analysis:
Always navigate to official portals directly. Never click links from unsolicited messages. Report phishing to:
  • verdacht@safeonweb.be
  • suspect@safeonweb.be
  • suspicious@safeonweb.be

Our SOC team supports awareness training and managed phishing triage services.


Swiss Government Targeted by Series of Cyber Attacks

On June 12, several Swiss federal websites and public services were hit by a DDoS attack. The pro-Russian group NoName claimed responsibility. Earlier in the month, ransomware also targeted Xplain, a software vendor supporting Swiss agencies.

SOC Analysis:
DDoS and ransomware threats from politically motivated groups continue to rise. Governments and public-sector partners must prepare through crisis simulation, network hardening, and cyber threat intelligence. We offer all three.

Want to enhance your organization’s cyber awareness or compliance strategy? Contact the Approach Cyber SOC team for tailored support and training programs.
