Progress Software issues second patch for MOVEit Transfer App vulnerabilities
Progress Software has released a second patch to address additional SQL Injection vulnerabilities in its MOVEit Transfer app. This follows the fix for a widely exploited zero-day vulnerability in the app released just days before. The new vulnerabilities, found during a code review by Huntress, are present in all versions of MOVEit Transfer and have not yet been assigned CVEs. An attacker could exploit these vulnerabilities to gain access to the MOVEit Transfer database and modify or steal data from it. Although there are no indications of these newly discovered vulnerabilities having been exploited, Progress has advised users to install the new patch immediately to avoid the possibility of further attacks by threat actors.
Additional SQL vulnerability as exploits continue
Reports have emerged of the Cl0p ransomware group exploiting a separate zero-day vulnerability in MOVEit Transfer, known as CVE-2023-34362, to steal data from thousands of organisations worldwide, including the BBC, British Airways, and the government of Nova Scotia. The US Cybersecurity and Infrastructure Security Agency (CISA) has warned about the potential of significant impact across the globe due to this vulnerability.
Huntress discovers vulnerabilities during code review
Huntress discovered these new vulnerabilities during its analysis of the app. Earlier, Huntress had provided a detailed analysis of how Cl0p threat actors had been exploiting the zero-day vulnerability discovered about two years ago. According to the spokesperson from Huntress, the vulnerabilities found this time are distinct from the first ones and were not addressed in the initial patch. Huntress responsibly disclosed these vulnerabilities to Progress, leading them to release a secondary patch. However, Huntress has not seen any recent exploitation surrounding the new CVEs.
Advice from Progress Software
Organisations that have already installed the patch for the original zero-day vulnerability should apply the patch for the new vulnerabilities straight away. Organisations that have not yet applied the first patch should instead follow the alternate remediation and patching steps outlined by Progress. Although MOVEit Cloud is patched automatically, Progress encourages customers to review their audit logs for any unexpected or unusual file downloads, to continue reviewing access logs and systems logging, and to review system protection software logs.
Security Concerns and Advice
New vulnerabilities in software can lead to serious consequences and significant financial loss. Companies try to provide patches as early as possible, but practical experience has shown that these quick fixes may not always provide a complete solution, so we must remain vigilant. Organisations must keep their software updated, regularly check for the latest software vulnerabilities, and identify ways to mitigate them early on. It is also essential to invest in cybersecurity infrastructure and employee training to prevent cybersecurity threats in the first place.
Editorial Note
The potential for cybersecurity threats is on the rise. This report emphasizes the importance of cybersecurity awareness and regular software checks. Developers and users must work together to keep software secure, and both must take this responsibility seriously. Companies must invest in cybersecurity by using sophisticated software, training employees, and developing appropriate policies.