Progress Addresses Third Flaw in MOVEit Transfer Software
June 16, 2023
Progress Software recently revealed a new SQL injection vulnerability affecting its MOVEit Transfer application. This marks the third issue the company has addressed, following its discovery of a vulnerability that could lead to escalated privileges and potential unauthorized access to the environment. According to the advisory published by Progress, it is crucial for MOVEit Transfer customers to take immediate action to help protect their environment. The company recommends applying mitigation measures to prevent unauthorized access to installations until the June 15th patch (CVE Pending) can be applied. These measures include disabling all HTTP and HTTPS traffic to the MOVEit Transfer environment and modifying firewall rules to deny HTTP and HTTPS traffic to the software on ports 80 and 443.
Progress has released security updates to address new SQL injection vulnerabilities in the MOVEit Transfer application. If exploited, these vulnerabilities can be used by attackers to steal sensitive information. Researchers from cybersecurity firm Huntress discovered the vulnerabilities, and fortunately, Progress Software is not aware of any attacks in the wild that have exploited these vulnerabilities.
Another recent vulnerability in MOVEit software, CVE-2023-34362, gained attention when it was revealed that it could be exploited by an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. The Clop ransomware gang claims to have hacked hundreds of companies by exploiting this vulnerability. Kroll researchers discovered that the Clop ransomware gang had been searching for a zero-day exploit in the MOVEit software since 2021. At the time of writing, the Clop ransomware group had already added 27 companies to the list of victims on its dark web leak site, claiming to have compromised these businesses by exploiting the zero-day CVE-2023-34362.
The Clop ransomware group published the following message on its leak site to address the theft of data from government agencies reported by some media: "WE GOT A LOT OF EMAILS ABOUT GOVERNMENT DATA, WE DON’T HAVE ANY GOVERNMENT DATA AND ANYTHING DIRECTLY RESIDING ON EXPOSED AND BAD PROTECTED NOT ENCRYPTED FILE TRANSFER WE STILL DO THE POLITE THING AND DELETE ALL. ALL MEDIA SPEAKING ABOUT THIS ARE DO WHAT ALWAYS THEY DO. PROVIDE LITTLE TRUTH IN A BIG LIE. WE ALSO WANT TO REMIND ALL COMPANY THAT IF YOU PUT DATA ON INTERNET WHERE DATA IS NOT PROTECT DO NOT BLAME US FOR PENETRATION TESTING SERVICE. WE ARE ONLY FINANCIAL MOTIVATED AND DO NOT CARE ANYTHING ABOUT POLITICS."