New zero-day vulnerability in MOVEit Transfer and cloud. Shut down your servers


2023-06-09 22:51:57

As more organizations disclose data breaches caused by flaws in the program, the developer of the popular file transfer tool MOVEit has revealed a second vulnerability in its software.

Software company Progress said on Friday that, since the discovery of the initial vulnerability, CVE-2023-34362, cybersecurity firm Huntress has been conducting code reviews of the MOVEit product and has found a new issue as a result. On Friday, the company announced the availability of a fix for the flaw and urged MOVEit Transfer customers to apply the update. The alert stated that the newly discovered vulnerability could allow an attacker to gain unauthorized access to the MOVEit Transfer database, which “could result in the modification and disclosure of the MOVEit database content.”

This vulnerability, which does not yet have a CVE designation, affects all versions of the product and could lead to a security breach. Several companies and organizations recently affected by the MOVEit vulnerability have disclosed data leaks. The data breaches at the BBC, Boots and Aer Lingus are connected to a cyber incident that affected their payroll provider, Zellis.

Meanwhile, the identified victims in North America were the Nova Scotia government and the University of Rochester. Microsoft warned on Sunday that Clop was the group responsible for efforts to exploit MOVEit. On Wednesday morning, Clop issued an extortion message saying “hundreds” of businesses were affected and warning that these victims should contact the gang or be listed on the organization’s extortion site.

The gang’s post initially set a deadline of June 12, after which the criminals threatened that “we will post your name on this page”. The deadline was eventually moved to June 14, though no explanation for the delay was provided. The BBC’s Joe Tidy noted that June 12 is a holiday in the Russian Federation, so that may have been the cause.

An adversary could potentially compromise the MOVEit database by sending a specially crafted payload to a MOVEit Transfer application endpoint, which would result in the content of the MOVEit database being modified or disclosed. MOVEit Transfer customers must download and install the latest patch, which became available on June 9, 2023. Research is still ongoing; however, at this time there are no signs to suggest that any of these vulnerabilities has been exploited. According to the company, all MOVEit Cloud clusters have already been patched against these newly discovered vulnerabilities to protect them from possible attacks.
