tldrdaily.news logo
Tag

Sql Injection Vulnerability

All articles tagged with #sql injection vulnerability

MOVEit Vulnerabilities Expose Organizations to Ransomware Attacks.
cybersecurity2 years ago

MOVEit Vulnerabilities Expose Organizations to Ransomware Attacks.

Progress Software has fixed a third SQL injection vulnerability (CVE-2023-35708) in its MOVEit Transfer web application, which could lead to escalated privileges and unauthorized access. The Cl0p cyber extortion gang exploited a previous vulnerability (CVE-2023-34362) to grab enterprise data and has started disclosing the names of victim organizations, including Shell, banks, media companies, and universities. Progress Software has urged customers to update their MOVEit Transfer installations to the latest versions to fix the vulnerability.

via Help Net Security|
#cl0p#cybersecurity#data-breach
MOVEit Transfer App Faces Third Flaw Amidst Ransomware Attack and Cyberattacks on US Banks and Universities.
cyber-attack-ransomware2 years ago

MOVEit Transfer App Faces Third Flaw Amidst Ransomware Attack and Cyberattacks on US Banks and Universities.

Progress Software has disclosed a third vulnerability in its MOVEit Transfer application, which is yet to be assigned a CVE identifier, that could lead to escalated privileges and potential unauthorized access to the environment. The Cl0p ransomware gang has been deploying extortion tactics against affected companies, and the vulnerability has been exploited in data theft attacks. Progress Software is urging its customers to disable all HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443 to safeguard their environments while a patch is being prepared to address the weakness.

via The Hacker News|
#cl0p-ransomware#cyber-attack-ransomware#data-theft-attacks
Hackers Exploit Zero-Day Vulnerability in MOVEit Transfer for Data Theft
cybersecurity2 years ago

Hackers Exploit Zero-Day Vulnerability in MOVEit Transfer for Data Theft

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch their systems by June 23 to fix an actively exploited SQL injection vulnerability in Progress MOVEit Transfer, a managed file transfer solution. The flaw allows remote attackers to access the database and execute arbitrary code. Threat actors have been exploiting the vulnerability since at least May 27, with mass exploitation and data theft occurring. Private companies are also advised to prioritize securing their systems against the flaw. Progress advises all customers to patch their MOVEit Transfer instances or disable HTTP and HTTPS traffic to remote the attack surface.

via BleepingComputer|
#cisa#cybersecurity#data-theft