Hackers Exploit Zero-Day Vulnerability in MOVEit Transfer for Data Theft
Originally Published 2 years ago — by BleepingComputer
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch their systems by June 23 to fix an actively exploited SQL injection vulnerability in Progress MOVEit Transfer, a managed file transfer solution. The flaw allows remote attackers to access the database and execute arbitrary code. Threat actors have been exploiting the vulnerability since at least May 27, with mass exploitation and data theft occurring. Private companies are also advised to prioritize securing their systems against the flaw. Progress advises all customers to patch their MOVEit Transfer instances or disable HTTP and HTTPS traffic to remote the attack surface.