Hackers target new MOVEit Transfer critical auth bypass bug

Threat actors are already trying to exploit a critical authentication bypass flaw in Progress MOVEit Transfer, less than a day after the vendor disclosed it.
MOVEit Transfer is a managed file transfer solution used in enterprise environments to securely transfer files between business partners and customers using the SFTP, SCP, and HTTP protocols.
The new security issue received the identifier CVE-2024-5806 and allows attackers to bypass the authentication process in the Secure File Transfer Protocol module, which is responsible for file transfer operations over SSH. An attacker leveraging this flaw could access sensitive data stored on the MOVEit Transfer server, upload, download, delete, or modify files, and intercept or tamper with file transfers.
Threat monitoring platform Shadowserver Foundation reported seeing exploitation attempts shortly after Progress published the bulletin on CVE-2024-5806, so hackers are already attacking vulnerable endpoints.
Network scans by Censys indicate that there are currently around 2,700 internet-exposed MOVEit Transfer instances, most located in the US, UK, Germany, Canada, and the Netherlands.
The percentage of those who haven't applied the security updates and/or the proposed mitigations for the third-party flaw is unknown.
ShadowServer's report of exploitation attempts comes after offensive security company watchTowr published technical details about the vulnerability, how it can be exploited, and what defenders should look for in the logs to check for signs of exploitation.
Proof-of-concept exploit code for CVE-2024-5806 is already publicly available from watchTowr and vulnerability researcher Sina Kheirkhah.
Fixes were made available in MOVEit Transfer 2023.0.11, 2023.1.6, and 2024.0.2, available on the Progress Community portal.
Customers without a current maintenance agreement should immediately contact the Renewals team or Progress partner representative to resolve the issue.
MOVEit Cloud customers do not need to take any action to mitigate the critical flaw, as patches have already been automatically deployed.
In addition to the flaw itself, Progress notes that it discovered a separate vulnerability on a third-party component used in MOVEit Transfer, which elevates the risks associated with CVE-2024-5806.
To mitigate this flaw until a fix from the third-party vendor is made available, system administrators are advised to block Remote Desktop Protocol access to the MOVEit Transfer servers and restrict outbound connections to known/trusted endpoints.
Progress also released a security bulletin about a similar authentication bypass issue, CVE-2024-5805, which impacts MOVEit Gateway 2024.0.0.
MOVEit is widely used in the enterprise environment and hackers are keeping a eye on vulnerabilities and exploits available on the product, especially since Clop ransomware leveraged a zero day last year to breach and subsequently extort thousands of organizations.
Facebook PrestaShop module exploited to steal credit cards.
SolarWinds Serv-U path traversal flaw actively exploited in attacks.
ASUS warns of critical remote authentication bypass on 7 routers.
Black Basta ransomware gang linked to Windows zero-day attacks.
Netgear WNR614 flaws allow device takeover, no fix available.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 26 Jun 2024 19:10:19 +0000


Cyber News related to Hackers target new MOVEit Transfer critical auth bypass bug

Hackers target new MOVEit Transfer critical auth bypass bug - Threat actors are already trying to exploit a critical authentication bypass flaw in Progress MOVEit Transfer, less than a day after the vendor disclosed it. MOVEit Transfer is a managed file transfer solution used in enterprise environments to ...
4 months ago Bleepingcomputer.com
MOVEit Transfer Flaws Push Security Defense Into a Race With Attackers - Attackers appear to be pounding away at a couple of critical bugs that Progress Software disclosed this week in its MOVEit file transfer application, with nearly the same ferocity as they did the zero-day flaw the company disclosed almost exactly a ...
4 months ago Darkreading.com
MoveIt Transfer vulnerability targeted amid disclosure drama - Another vulnerability in Progress Software's MoveIt Transfer product is under attack amid an apparent leak of flaw. In security alerts published on Tuesday, Progress detailed two critical improper authentication vulnerabilities, one tracked as ...
4 months ago Techtarget.com
Progress Discloses Two New Vulnerabilities in MOVEit Products - Progress Software has disclosed two fresh vulnerabilities in its MOVEit file transfer products. The first is an authentication bypass affecting the MOVEit Transfer SFTP service in a default configuration. It affects the Secure File Transfer Protocol ...
4 months ago Infosecurity-magazine.com
MOVEit victim count latest: 2.6K+ orgs, 77M+ people The Register - Quick show of hands: whose data hasn't been stolen in the mass exploitation of Progress Software's vulnerable MOVEit file transfer application? Anyone? According to security shop Emsisoft, 2,620 organizations and more than 77 million individuals have ...
11 months ago Theregister.com
CVE-2023-40043 - ...
1 year ago
Auto parts giant AutoZone warns of MOVEit data breach - AutoZone is warning tens of thousands of its customers that it suffered a data breach as part of the Clop MOVEit file transfer attacks. AutoZone is the leading retailer and distributor of automotive spare parts and accessories in the U.S., operating ...
11 months ago Bleepingcomputer.com
MOVEit Hackers Accessed 632,000 Email Addresses at Defense, DOJ - The report, by the US Office of Personnel Management, provides new details about a cyberattack in which hackers exploited flaws in MOVEit, a popular file-transfer tool. Federal cybersecurity officers previously confirmed that government agencies were ...
11 months ago Bloomberg.com
New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
4 months ago Securityaffairs.com
Juniper releases out-of-cycle fix for max severity auth bypass flaw - Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. The security issue is tracked as ...
4 months ago Bleepingcomputer.com
Juniper releases out-of-cycle fix for max severity auth bypass flaw - Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. The security issue is tracked as ...
4 months ago Bleepingcomputer.com
Exploit released for Fortra GoAnywhere MFT auth bypass bug - Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT software that allows attackers to create new admin users on unpatched instances via the administration portal. GoAnywhere MFT is a web-based ...
9 months ago Bleepingcomputer.com
HackerOne paid ethical hackers over $300 million in bug bounties - HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception. Thirty hackers have earned over a million USD for their submissions, and ...
11 months ago Bleepingcomputer.com
Week in review: MOVEit auth bypass flaws quitely fixed, open-source Rafel RAT targets Androids - Progress quietly fixes MOVEit auth bypass flawsProgress Software has patched one critical and one high-risk vulnerability in MOVEit, its widely used managed file transfer software product. Open-source Rafel RAT steals info, locks Android devices, ...
4 months ago Helpnetsecurity.com
The Unlikely Romance of Hackers and Government Suitors - The annual Hack the Capitol event brings together a diverse group of scientists, hackers, and policymakers to educate congressional staffers, scholars, and the press about the most critical cybersecurity challenges facing our nation. Hack the Capitol ...
10 months ago Darkreading.com
CVE-2023-35036 - In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an ...
1 year ago
CVE-2023-35708 - In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an ...
1 year ago
CVE-2023-36934 - In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that ...
1 year ago
CVE-2023-36932 - In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web ...
1 year ago
CVE-2023-42660 - ...
1 year ago
Blue Shield of California members' Social Security numbers, other data stolen - Sensitive data from Blue Shield of California vision policy holders - including Social Security numbers, birth dates and addresses - may be among confidential patient information accessed by criminal hackers, the Oakland-based health insurance giant ...
11 months ago Siliconvalley.com
Why Have Big Cybersecurity Hacks Surged in 2023? - Payments made to hackers who hold systems hostage for ransom increased by almost half through September, according to blockchain analytics firm Chainalysis Inc., totaling almost $500 million in payouts. In just the past few months, hackers have ...
10 months ago Bloomberg.com
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
1 year ago Hackread.com
Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
11 months ago Cisa.gov
Welltok data breach exposes data of 8.5 million US patients - Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. Welltok works with health service ...
11 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)