MOVEit Transfer Vulnerabilities Uncovered - Urgent Patch Required.
Progress Software has released patches to address new SQL injection vulnerabilities affecting MOVEit Transfer that could allow an attacker to gain unauthorized access to the database and steal sensitive information. Cybersecurity firm Huntress discovered and reported the vulnerabilities, and the flaws have been addressed in the latest versions of the service. The Cl0p ransomware gang has been exploiting a previously reported vulnerability in MOVEit Transfer to drop web shells on targeted systems and has issued an extortion notice to affected companies.