Risk & Repeat: Moveit Transfer flaw triggers data breaches

Several organizations, predominantly in the U.K., have confirmed data breaches that stemmed from exploitation of the critical Moveit Transfer zero-day vulnerability.

Progress Software last week disclosed a critical flaw in its Moveit Transfer product that was quickly revealed to be a zero-day vulnerability under exploitation in the wild.

Progress disclosed the bug, now tracked as CVE-2023-34362, on May 31 as a SQL injection flaw. The vendor urged customers to mitigate the flaw and then update their software when a patch became available later that day. Although the vendor was quick to respond, instances of its managed file transfer software Moveit Transfer were already under attack.

Security vendors reported exploitation soon after Progress’ initial disclosure, which did not note active exploitation at the time. On Sunday, Microsoft attributed the attacks to a threat actor, dubbed Lace Tempest, tied to the Clop ransomware gang. Then, this week, a wave of organizations confirmed data breaches stemming from the vulnerability, including HR software provider Zellis, the BBC and the government of Nova Scotia, Canada.

On this episode of the Risk & Repeat podcast, TechTarget editors Rob Wright and Alex Culafi discuss the critical Moveit Transfer bug, Progress’ response and the victims affected by it.

Subscribe to Risk & Repeat on Apple Podcasts.

Alexander Culafi is a writer, journalist and podcaster based in Boston.
