Hackers Exploit Zero-Day Vulnerability in MOVEit Transfer for Data Theft
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch their systems by June 23 to fix an actively exploited SQL injection vulnerability in Progress MOVEit Transfer, a managed file transfer solution. The flaw allows remote attackers to access the database and execute arbitrary code. Threat actors have been exploiting the vulnerability since at least May 27, with mass exploitation and data theft occurring. Private companies are also advised to prioritize securing their systems against the flaw. Progress advises all customers to patch their MOVEit Transfer instances or disable HTTP and HTTPS traffic to remote the attack surface.
- CISA orders govt agencies to patch MOVEit bug used for data theft BleepingComputer
- Hackers attacking company file transfer tools — Report Punch Newspapers
- Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft Mandiant
- Hackers use flaw in popular file transfer tool to steal data, researchers say Reuters
- MOVEit Transfer Under Attack: Zero-Day Vulnerability Actively Being Exploited The Hacker News
Reading Insights
0
1
2 min
vs 3 min read
80%
511 → 102 words
Want the full story? Read the original article
Read on BleepingComputer