New MOVEit Transfer critical flaws found after security audit

Sead Fadilpašić

June 12, 2023 at 10:00 AM·2 min read

Illustration of a laptop with a magnifying glass exposing a beetle on-screen

Progress Software, the company behind the MOVEit secure managed file transfer (MFT) tool, has warned users it has found a separate vulnerability that can also be used to steal their sensitive data with malware, and urged them to apply the newly released patch - immediately.

Earlier this month, it was revealed that MOVEit carried a high severity flaw that allowed threat actors to exfiltrate data from an undisclosed number of users, highly likely in the hundreds.

The vulnerability is tracked as CVE-2023-34362. Soon after news broke, a threat actor known as Clop, a hacking group allegedly affiliated with the Russian government, assumed responsibility for the attack, saying data samples will soon appear on its data leak site, and that the negotiations with affected clients are ongoing.

Code audit

MOVEit is a file transfer tool used by enterprises, as well as small and medium-sized businesses (SMB), to share sensitive data, such as personally identifiable information, banking data, health information, and similar, in a secure manner. That helps businesses prevent incidents that can lead to identity theft, wire fraud, and more.

In response to the incident, Progress conducted a detailed code review with the help of the cybersecurity firm Huntress, which is when the new bug was discovered. It’s described as an SQL injection flaw that can enable data exfiltration and theft. All versions of MOVEit are affected, it was added.

> Ransomware gangs are losing interest in US firms

> Saks Fifth Avenue becomes latest Clop ransomware victim

> Check out the best endpoint security systems right now

"An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content," Progress said. "All MOVEit Transfer customers must apply the new patch, released on June 9, 2023. The investigation is ongoing, but currently, we have not seen indications that these newly discovered vulnerabilities have been exploited," the company added.

MOVEit Cloud has already been patched, the company added.

These are the best firewalls right now

Via: BleepingComputer

Yahoo Sports
2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick
Yahoo Sports' Charles McDonald breaks down the Broncos' 2024 draft.
4d ago
Yahoo Sports
NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?
Which teams did the best in the NFL Draft?
21h ago
Yahoo Sports
Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race
Race organizers say they'll revoke a Trump fundraiser's suite license if he holds an event for the former president on Sunday at the race.
3d ago
Yahoo Sports
New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal
It turns out the money was going from Ohtani's bank account to an illegal bookie to ... casinos.
1d ago
Yahoo Life Shopping
Does castor oil really help with hair growth? We asked the experts, and their answer may surprise you
It's inexpensive, but is it effective? Dermatologists' verdict is in — and it's unanimous.
1d ago
Yahoo Sports
NFL Draft: Packers fan upset with team's 1st pick, and Lions fans hilariously rubbed it in
Not everyone was thrilled with their team's draft on Thursday night.
6d ago
Yahoo Finance
CVS stock plunges after earnings numbers one analyst 'did not even believe'
CVS warns it could cede Medicare Advantage market share as reimbursement rates pressure the company.
16h ago
Yahoo Sports
The best RBs for 2024 fantasy football according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 season.
2d ago
Yahoo Sports
NFL Draft grades for all 32 teams | Zero Blitz
Jason Fitz and Frank Schwab join forces to recap the draft in the best way they know how: letter grades! Fitz and Frank discuss all 32 teams division by division as they give a snapshot of how fans should be feeling heading into the 2024 season. The duo have key debates on the Dallas Cowboys, New York Giants, New Orleans Saints, Los Angeles Rams, New England Patriots, Las Vegas Raiders and more.
3d ago
Yahoo Sports
NBA playoffs: Luka Dončić leads Mavericks in blowout win over Clippers to take 3-2 series lead
Luka Dončić singlehandedly outscored Paul George, James Harden and Russell Westbrook.
5h ago

News

Life

Entertainment

Finance

Sports

New on Yahoo

New MOVEit Transfer critical flaws found after security audit

Code audit

Recommended Stories

2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick

NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race

New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal

Does castor oil really help with hair growth? We asked the experts, and their answer may surprise you

NFL Draft: Packers fan upset with team's 1st pick, and Lions fans hilariously rubbed it in

CVS stock plunges after earnings numbers one analyst 'did not even believe'

The best RBs for 2024 fantasy football according to our experts

NFL Draft grades for all 32 teams | Zero Blitz

NBA playoffs: Luka Dončić leads Mavericks in blowout win over Clippers to take 3-2 series lead