MOVEit Vulnerability Patched After Public Exploit Disclosure
TL;DR Summary
Progress Software has issued a patch for a third critical vulnerability in its MOVEit file transfer suite, CVE-2023-35708, which was disclosed a day earlier. A proof-of-concept exploit for the flaw was also made public on the same day. The vulnerability is another SQL injection flaw that could allow an unauthenticated attacker to break into organizations' MOVEit Transfer database and steal its content. The Clop ransomware gang has exploited MOVEit's security shortcomings to steal data from organizations, with Shell reportedly becoming the first organization to have its stolen data published on the Clop leak site.
- Third MOVEit bug fixed a day after PoC exploit made public The Register
- What to know about the MOVEit ransomware attack that hit U.S. agencies The Washington Post
- Third MOVEit vulnerability raises alarms as US Agriculture Department says it may be impacted The Record from Recorded Future News
- Third MOVEit Transfer Vulnerability Disclosed by Progress Software DARKReading
- Explainer-How MOVEit breach shows hackers' interest in corporate file transfer tools AOL
Reading Insights
Total Reads
0
Unique Readers
1
Time Saved
3 min
vs 4 min read
Condensed
87%
740 → 94 words
Want the full story? Read the original article
Read on The Register