On Friday we reported about a MOVEit Transfer vulnerability that was actively being exploited. If your organization uses MOVEit Transfer and you haven’t patched yet, it really is time to move it.

Excuse the bad pun, but yesterday we saw the first victims of this vulnerability come forward.

MOVEit Transfer is a widely used file transfer software which encrypts files and uses secure File Transfer Protocols to transfer data. As such, it has a large userbase in healthcare, education, US federal and state government, and financial institutions.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. On Friday the CVE had not been assigned yet, but this vulnerability has now been listed as:

CVE-2023-34362: In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.x) before the five explicitly mentioned versions are affected, including older unsupported versions.

Microsoft says that the group behind the attacks on MOVEit instances is the Lace Tempest group, which is a known ransomware operator and runs the extortion website Cl0p. This was confirmed by a Cl0p representative to Bleeping Computer, who also said that the criminals started exploiting the vulnerability on May 27th, during the US Memorial Day holiday.
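As an added example (not from the original article or from Progress), the fixed-version list in the CVE text can be turned into an inventory check. The function names and the sample hosts are hypothetical, and any branch the CVE text does not name is reported as unknown rather than guessed.

```python
# Added example: first fixed patch level per internal (major, minor) branch,
# copied from the CVE-2023-34362 text quoted in this article.
FIXED = {(13, 0): 6, (13, 1): 4, (14, 0): 4, (14, 1): 5, (15, 0): 1}
# Marketing-name branches as the CVE text pairs them with internal numbers.
MARKETING = {(2021, 0): (13, 0), (2021, 1): (13, 1), (2022, 0): (14, 0),
             (2022, 1): (14, 1), (2023, 0): (15, 0)}


def classify(version: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for a MOVEit Transfer version."""
    try:
        parts = [int(p) for p in version.strip().split(".")]
    except ValueError:
        return "unknown"
    if len(parts) < 3:
        return "unknown"          # no patch level, so no safe verdict
    major, minor, patch = parts[:3]
    if major >= 2000:             # marketing form such as 2022.0.3
        if (major, minor) in MARKETING:
            major, minor = MARKETING[(major, minor)]
        elif (major, minor) < min(MARKETING):
            return "affected"     # e.g. 2020.x, older than every listed branch
        else:
            return "unknown"      # branch not named in the CVE text
    if (major, minor) in FIXED:
        return "affected" if patch < FIXED[(major, minor)] else "fixed"
    if (major, minor) < min(FIXED):
        return "affected"         # older, unsupported releases
    return "unknown"


def audit(inventory: dict) -> dict:
    """Map each host in {host: version} to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = {"mft-01": "14.0.3", "mft-02": "2022.1.5",
          "mft-old": "2020.1.2", "mft-new": "15.1.0"}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {status}")
```

Hosts reported as unknown still need a manual check against the vendor's current advisory.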