• MOVEit Transfer has a major security issue - here's what you need

    From TechnologyDaily@1337:1/100 to All on Fri Jun 2 17:00:04 2023
    MOVEit Transfer has a major security issue - here's what you need to know

    Date:
    Fri, 02 Jun 2023 15:54:12 +0000

    Description:
    Hackers abused a zero-day in MOVEit Transfer to move countless sensitive files, experts claim.

    FULL STORY ======================================================================

    The dust hasn't even settled properly around the GoAnywhere MFT fiasco, and we already have another enterprise secure file transfer solution breached and abused for data theft.

    This time it's MOVEit Transfer, a managed file transfer (MFT) solution built
    by Ipswitch, a subsidiary of a company called Progress.

    The company has confirmed the discovery of a critical vulnerability, and
    urged its users to apply a workaround immediately in anticipation of an official patch.

    Privilege escalation

    "Progress has discovered a vulnerability in MOVEit Transfer that could lead
    to escalated privileges and potential unauthorized access to the
    environment," the company's announcement states.

    "If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment, while our team produces a patch."

    The company says that users should block external traffic to ports 80 and
    443, which will most likely prevent external access to the web UI, as well as some automation tasks. APIs will stop working, as will the Outlook plugin,
    but customers can still use SFTP and FTP/s protocols to transfer files
    between endpoints.

    Furthermore, users should inspect the 'c:\MOVEit Transfer\wwwroot\'
    folder for unexpected files, backups or large file downloads, as that seems
    to be the number one indicator of compromise, BleepingComputer also reported.
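
    A first-pass triage of that folder could look like the PowerShell below. This is an added example, not code from Progress, BleepingComputer or the original article; the look-back window, the size threshold and the list of archive extensions are assumptions to tune per environment, and it covers files present in the folder, not download activity recorded in logs.

```powershell
# Added example: triage of the MOVEit Transfer web root named in the advisory.
# $Root is the path from the article; $Days, $LargeBytes and $ArchiveExt are
# assumed values, not vendor guidance.
param(
    [string]$Root         = 'C:\MOVEit Transfer\wwwroot',
    [int]$Days            = 30,
    [long]$LargeBytes     = 100MB,
    [string[]]$ArchiveExt = @('.bak', '.zip', '.7z', '.rar')
)

if (-not (Test-Path -LiteralPath $Root -PathType Container)) {
    Write-Error "Web root not found: $Root"
    return
}

$cutoff = (Get-Date).AddDays(-$Days)

# -Force includes hidden and system files, which a plain listing would miss.
Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $reasons = @()
        if ($_.CreationTime -ge $cutoff -or $_.LastWriteTime -ge $cutoff) { $reasons += 'recent' }
        if ($_.Length -ge $LargeBytes)                                    { $reasons += 'large' }
        if ($_.Extension -in $ArchiveExt)                                 { $reasons += 'backup/archive' }

        if ($reasons.Count -gt 0) {
            # Hash each flagged file so it can be compared against a known-good
            # install or shared with responders without copying the file itself.
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path     = $_.FullName
                Created  = $_.CreationTime
                Modified = $_.LastWriteTime
                SizeMB   = [math]::Round($_.Length / 1MB, 2)
                SHA256   = $hash.Hash
                Reasons  = $reasons -join ','
            }
        }
    } |
    Sort-Object Created -Descending |
    Format-Table -AutoSize -Wrap
```

    Anything flagged still needs review against a clean installation of the same version, since recently patched or legitimately updated files will also show up as recent.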

    Details about the flaw itself and its abusers are still missing. We know it's a zero-day, and that it can be used to extract sensitive files from users. Cybersecurity researchers from Rapid7 believe this is an SQL injection flaw that allows for remote code execution. No CVE has yet been assigned.

    We also don't know the flaw's impact, but BleepingComputer has said its sources tell it numerous organizations have had their data stolen so far. There are
    at least 2,500 exposed transfer servers, mostly located in the United States.

    It's safe to assume the attackers will try to extort money from the victims,
    in exchange for keeping the data private.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/top-file-transfer-tool-moveit-has-a-major-security-issue


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)