MOVEit Transfer faces multiple critical vulnerabilities, urgent patching required.
Progress Software has warned customers of newly discovered critical SQL injection vulnerabilities in its MOVEit Transfer managed file transfer solution that can allow attackers to steal information from customers' databases. The security bugs were discovered with the help of cybersecurity firm Huntress following detailed code reviews initiated by Progress on May 31. The vulnerabilities affect all MOVEit Transfer versions and enable unauthenticated attackers to compromise Internet-exposed servers to alter or extract customer information. Progress has released a patch for the vulnerabilities and urges all customers to apply it immediately. The Clop ransomware gang has claimed responsibility for targeting a MOVEit Transfer zero-day vulnerability, which led to a series of data-theft attacks that have allegedly affected "hundreds of companies."
- New MOVEit Transfer critical flaws found after security audit, patch now BleepingComputer
- Cl0P Gang Sat on Exploit for MOVEit Flaw for Nearly 2 Years DARKReading
- MOVEit announces second vulnerability; Minnesota schools agency breached with original bug The Record by Recorded Future
- Clop ransomware likely testing MOVEit zero-day since 2021 BleepingComputer
- Progress Discloses More MOVEit Vulnerabilities, Releases New Patch CRN
Reading Insights
0
1
2 min
vs 3 min read
79%
551 → 118 words
Want the full story? Read the original article
Read on BleepingComputer