MOVEit Transfer App Exploited by Hackers for Data Theft and Ransomware Attacks, Microsoft and CISA Warn

June 5, 2023 at 12:03 PM

•

1 min read

MOVEit Transfer App Exploited by Hackers for Data Theft and Ransomware Attacks, Microsoft and CISA Warn — Photo: The Hacker News

TL;DR Summary

Microsoft has linked the ongoing exploitation of a critical flaw in the Progress Software MOVEit Transfer application to the Lace Tempest threat actor. The group is known for exploiting different zero-day flaws to siphon data and extort victims. The flaw, CVE-2023-34362, allows attackers to authenticate as any user and gain access to the database and execute arbitrary code. At least 3,000 exposed hosts are believed to be utilizing the MOVEit Transfer service. Users are recommended to apply vendor-provided patches as soon as possible to secure against potential risks.

Topics:business #cybersecurity #data-exfiltration #lace-tempest #microsoft #moveit-transfer #sql-injection

Share this article

Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App The Hacker News
Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations SecurityWeek
Microsoft links Clop ransomware gang to MOVEit data-theft attacks BleepingComputer
CISA warns of critical vulnerability in MOVEit file transfer software SiliconANGLE News
Report: Hackers Exploit File-Transfer Software MOVEit Security Flaw to Steal User Data PYMNTS.com

Reading Insights

Total Reads

Unique Readers

Time Saved

1 min

vs 2 min read

Condensed

72%

318 → 88 words

Want the full story? Read the original article

Read on The Hacker News

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights