Displaying items by tag: moveit

Last week Progress Software, the company behind MOVEit file transfer software, announced another SQL injection flaw had been identified and patched. This flaw is just the latest in a series of vulnerabilities that have been identified in the application after the Cl0p ransomware group was found to have exploited a different SQL injection flaw to steal data from multiple MOVEit users. The attacks started in late 2022, but the Cl0p group might have been testing different entry points as far back as June 2022.

MOVEit has been in the news quite a bit lately. First it was the disclosure of a Zero-Day that was actively being exploited since October 2022. Next up was the fact that the group exploiting the flaw was probably tinkering around the vulnerability since mice 2021. If that were not bad enough a new security audit performed on the MFT (managed file transfer) has found even more vulnerabilities in the service. The flaws are like the original zero-day flaws, in that they are SQL injection flaws that allow for theft of data from customer databases.

In today’s episode of why we need to change how we do things; it has come to light that the critical MOVEit zero-day that allowed complete control over targeted file transfer platforms may have been identified by the Cl0p ransomware group as far back as 2021. According to researchers at Kroll, the group appears to have been looking for the right way to properly exploit is as part of a data theft campaign against the Managed File Transfer Utility.