Isolate or shut down your MOVEit Transfer servers and machines immediately

by time news

2023-06-03 18:01:00

The importance of keeping one’s data secure has never been more pressing than in today’s increasingly connected society. Zero-day vulnerabilities are known to often lurk in the shadows of our digital landscapes, patiently waiting to be exploited. Today, we are going to shed light on one of these recently discovered vulnerabilities, known as CVE-2023-34362, which is an SQL injection vulnerability that was found to be present in the MOVEit Transfer online application. The popular MOVEit Transfer app, which is used for controlled file transfers, has come under attack. The SQL injection vulnerabilities were present in versions prior to 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 ( 15.0.1). Unauthenticated attackers have been taking advantage of these vulnerabilities. Due to this vulnerability, they have the opportunity to access MOVEit Transfer’s database, which contains a large trove of confidential information. These cybercriminals can obtain information about the structure of the database as well as the content of the database in the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL). They also have the ability to execute SQL commands, allowing them to edit, change, or even destroy important database components. Unpatched systems are very vulnerable to the risk of being exploited via HTTP or HTTPS.

According to Rapid7, as of May 31, 2023, an alarming 2,500 instances of MOVEit Transfer were available to the general public over the Internet. The United States was found to be the location of most of these exposed cases, raising substantial cybersecurity concerns.

As soon as this information became public, the United States Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about the potential threat. It recommended each and every user and organization using MOVEit Transfer to take certain preventive measures to protect themselves from the possibility of criminal activity.

Isolating the servers is one of the recommended steps and is of the utmost importance. It is possible to drastically reduce the scope of possible attacks by blocking traffic in both directions (incoming and outgoing). It is also vital to perform thorough inspections of environments for possible indicators of compromise (IoC). Before making any necessary adjustments, it is highly recommended to get rid of any IoCs that have been found.

The finding of CVE-2023-34362 serves as yet another reminder of the persistent dangers that constantly lurk in our digital environment. This SQL injection vulnerability in the online application MOVEit Transfer is a startling reminder of the constant cybersecurity threats we face. It was discovered in the wild in May and June 2023.

#Isolate #shut #MOVEit #Transfer #servers #machines #immediately

You may also like

Leave a Comment