Isolate or shut down your MOVEit Transfer servers and machines immediately

by time news

2023-06-03 18:01:00

Keeping data secure has never been more pressing than in today's increasingly connected society. Zero-day vulnerabilities often lurk unnoticed in our digital landscapes until someone exploits them. One recently discovered example is CVE-2023-34362, an SQL injection vulnerability in the MOVEit Transfer web application. MOVEit Transfer, a popular application used for controlled file transfers, has come under attack.

The SQL injection vulnerability is present in versions prior to 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1). Unauthenticated attackers have been exploiting it to gain access to MOVEit Transfer's database, which contains a large trove of confidential information. Depending on the database engine in use (MySQL, Microsoft SQL Server, or Azure SQL), attackers can obtain information about the structure and contents of the database. They can also execute SQL statements that alter or delete important database elements. Unpatched systems can be exploited via HTTP or HTTPS.
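To triage an inventory against the fixed releases listed above, the following added example (not code from the article or from the vendor) classifies a version string in either numbering scheme. The host names are constructed, and the year-to-major-version offset is an assumption inferred from the paired values the article gives.

```python
import re

# Fixed patch level per release train (internal numbering), from the article's list.
FIXED = {(13, 0): 6, (13, 1): 4, (14, 0): 4, (14, 1): 5, (15, 0): 1}

# Assumption inferred from the article's pairs (2021.0.6 = 13.0.6, 2023.0.1 = 15.0.1):
# marketing year minus 2008 gives the internal major version.
YEAR_OFFSET = 2008


def normalize(version):
    """Return (major, minor, patch) in internal numbering, or None if unparseable."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*", version)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    if major >= 2000:  # marketing-style version such as 2022.1.5
        major -= YEAR_OFFSET
    return major, minor, patch


def classify(version):
    """Classify one version string against the article's fixed-release list."""
    parsed = normalize(version)
    if parsed is None:
        return "unparseable"
    major, minor, patch = parsed
    train = (major, minor)
    if train in FIXED:
        return "affected" if patch < FIXED[train] else "fixed"
    if train < min(FIXED):
        return "affected"  # older than 13.0.6, i.e. "prior to 2021.0.6"
    return "not-listed"  # train absent from the article; check the vendor advisory


# Constructed inventory: host names and versions are sample data, not from the article.
INVENTORY = {
    "mft-prod-01": "2022.1.4",
    "mft-prod-02": "14.1.5",
    "mft-dr-01": "2021.0.5",
    "mft-test-01": "15.0.1",
    "mft-legacy": "12.1.9",
}


def triage(inventory):
    """Map each host to its classification so affected servers can be isolated first."""
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print(f"{host:12} {INVENTORY[host]:10} {status}")
```

A "fixed" result only describes the installed version; a server patched after exposure still needs the inspection for indicators of compromise.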

According to Rapid7, as of May 31, 2023, an alarming 2,500 instances of MOVEit Transfer were exposed to the public Internet. Most of these exposed instances were located in the United States, raising substantial cybersecurity concerns.

As soon as this information became public, the United States Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about the potential threat. It recommended that every user and organization using MOVEit Transfer take certain preventive measures to protect themselves from possible criminal activity.

Isolating the servers is one of the recommended steps and is of the utmost importance. Blocking traffic in both directions (incoming and outgoing) drastically reduces the scope of possible attacks. It is also vital to inspect environments thoroughly for possible indicators of compromise (IoCs). It is highly recommended to remove any IoCs that have been found before making any necessary adjustments.

The discovery of CVE-2023-34362 is yet another reminder of the persistent dangers in our digital environment and of the constant cybersecurity threats we face. This SQL injection vulnerability in the MOVEit Transfer web application was discovered in the wild in May and June 2023.

