Progress Addresses Third Flaw in MOVEit Transfer Software
June 16, 2023
Progress Software has disclosed another SQL injection vulnerability in its MOVEit Transfer application. It is the third flaw the company has addressed in the product in as many weeks, following the original zero-day and a second set of SQL injection bugs that it said could lead to escalated privileges and unauthorized access to the environment. Progress's advisory urges MOVEit Transfer customers to act immediately: until the June 15th patch (CVE pending at the time of publication) can be applied, customers should block all HTTP and HTTPS traffic to the MOVEit Transfer environment by modifying firewall rules to deny inbound HTTP and HTTPS traffic to the software on ports 80 and 443.
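The interim mitigation above, expressed as a Windows firewall change, is shown here as an added example; it is not a script from Progress's advisory. It assumes it is run from an elevated PowerShell session on the Windows host that runs MOVEit Transfer, and the rule display names are labels chosen here for illustration.

```powershell
# Added example, not Progress's own script: temporarily deny inbound HTTP/HTTPS
# to the MOVEit Transfer host until the patch is installed.
# Assumptions: elevated session on the MOVEit Transfer server; rule names below
# are arbitrary labels picked for this example.
$blockRules = @{ 'MOVEit-Block-HTTP' = 80; 'MOVEit-Block-HTTPS' = 443 }

foreach ($name in $blockRules.Keys) {
    # Idempotent: only create the rule if it does not already exist.
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
            -LocalPort $blockRules[$name] -Action Block -Profile Any -Enabled True | Out-Null
    }
}

# Check: both rules present, enabled, inbound, and set to Block.
Get-NetFirewallRule -DisplayName 'MOVEit-Block-*' |
    Select-Object DisplayName, Enabled, Direction, Action

# From a separate host, confirm the port no longer answers:
#   Test-NetConnection -ComputerName <moveit-host> -Port 443
# TcpTestSucceeded should be False while the block is in place.

# Once the June 15 patch has been applied and verified, remove the temporary block:
#   Get-NetFirewallRule -DisplayName 'MOVEit-Block-*' | Remove-NetFirewallRule
```

Note that this takes the MOVEit web interface offline for the duration, so schedule the outage; the same change can be made on a perimeter firewall in front of the host instead of on the host itself.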
The preceding round of security updates from Progress addressed additional SQL injection vulnerabilities in MOVEit Transfer that, if exploited, could let attackers steal sensitive information. Those vulnerabilities were found by researchers at the cybersecurity firm Huntress, and Progress Software said it was not aware of any in-the-wild exploitation of them.
The original MOVEit Transfer vulnerability, CVE-2023-34362, gained attention when it was revealed that an unauthenticated attacker could exploit it to gain unauthorized access to the MOVEit Transfer database. The Clop ransomware gang claims to have breached hundreds of companies through it. Kroll researchers found evidence that Clop had been experimenting with exploitation of the MOVEit software since 2021. At the time of writing, Clop had added 27 companies to the victim list on its dark web leak site, claiming to have compromised them by exploiting CVE-2023-34362 as a zero-day.
The Clop ransomware group published the following message on its leak site to address the theft of data from government agencies reported by some media: "WE GOT A LOT OF EMAILS ABOUT GOVERNMENT DATA, WE DON’T HAVE ANY GOVERNMENT DATA AND ANYTHING DIRECTLY RESIDING ON EXPOSED AND BAD PROTECTED NOT ENCRYPTED FILE TRANSFER WE STILL DO THE POLITE THING AND DELETE ALL. ALL MEDIA SPEAKING ABOUT THIS ARE DO WHAT ALWAYS THEY DO. PROVIDE LITTLE TRUTH IN A BIG LIE. WE ALSO WANT TO REMIND ALL COMPANY THAT IF YOU PUT DATA ON INTERNET WHERE DATA IS NOT PROTECT DO NOT BLAME US FOR PENETRATION TESTING SERVICE. WE ARE ONLY FINANCIAL MOTIVATED AND DO NOT CARE ANYTHING ABOUT POLITICS."