MOVEit Transfer Flaws Push Security Defense Into a Race With Attackers

Attackers appear to be pounding away at a couple of critical bugs that Progress Software disclosed this week in its MOVEit file transfer application, with nearly the same ferocity as they did the zero-day flaw the company disclosed almost exactly a year ago.
While patches are available for the new flaws, the big question now for affected organizations is whether they can apply them quickly enough to beat adversaries targeting their systems, especially with a proof-of-concept exploit available in the wild.
Patching Alone Is Insufficient Even those that might have already applied updates have more work to do because the original patch that Progress issued for one of the flaws does not mitigate new issues that the software maker discovered after the patch release.
The new MOVEit Transfer vulnerabilities are both improper authentication issues in the SFTP module.
They allow an attacker to potentially impersonate any user on an affected instance and take control of it.
One of the flaws, tracked as CVE-2024-5806, affects MOVEit Transfer versions from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, and from 2024.0.0 before 2024.0.2.
The other, identified as CVE-2024-5805, affects MOVEit Gateway: 2024.0.0.
When Progress first disclosed CVE-2024-5806 on June 25, the company assigned the flaw a medium-severity score of 7.4 out of a maximum possible 10 on the CVSS scale.
Progress quickly upgraded that score to 9.1 after researchers at watchTowr discovered a vulnerability in a third-party component used in MOVEit Transfer.
Progress described the issue as introducing new risks to organizations, including those that might have already applied the patch for CVE-2024-5806.
In an update to its original advisory, Progress urged affected organizations to install the patch and also block public inbound RDP access to MOVEit Transfer servers and limit outbound transfers to only known and trusted endpoints.
An Internet scan that Censys conducted on June 25 unearthed some 2,700 MOVEit Transfer instances online, most of them in the US. Internet scanning entity ShadowServer, which reported observing exploit attempts targeting CVE-2024-5806 almost immediately after Progress disclosed the flaw, identified some 1,800 instances online as of June 27.
In theory, an actor would need to identify an unpatched MOVEit Transfer instance and know a valid username for accessing the service, she says.
The new flaws come a year after Progress disclosed CVE-2023-34362, a SQL injection zero-day vulnerability in MOVEit Transfer that ranked as one of the most widely exploited flaws of 2023.
The Cl0p ransomware group, which claimed credit for discovering the flaw, was among the many that exploited it with devastating affect last year.
Affected organizations cannot afford to delay given how widely they are being targeted, says Mike Walters, president and co-founder of Action1.
Austin says CVE-2024-5806 is somewhat more complex than the SQL injection bug in MOVEit Transfer that Cl0p exploited throughout 2023.
Instance administrators should still take the new flaw very seriously and follow mitigation guidance provided by Progress Software, she says.
At this time, it seems unlikely that the exploitation of this vulnerability will be as widespread as last year's massive campaign exploiting CVE-2023-34362, says Paul Prudhomme, principal security analyst at SecurityScorecard.
Prudhomme reiterates that patching alone is not sufficient against vulnerabilities such as CVE-2024-5806.


This Cyber News was published on www.darkreading.com. Publication date: Thu, 27 Jun 2024 17:40:08 +0000


Cyber News related to MOVEit Transfer Flaws Push Security Defense Into a Race With Attackers

MOVEit Transfer Flaws Push Security Defense Into a Race With Attackers - Attackers appear to be pounding away at a couple of critical bugs that Progress Software disclosed this week in its MOVEit file transfer application, with nearly the same ferocity as they did the zero-day flaw the company disclosed almost exactly a ...
5 months ago Darkreading.com
Hackers target new MOVEit Transfer critical auth bypass bug - Threat actors are already trying to exploit a critical authentication bypass flaw in Progress MOVEit Transfer, less than a day after the vendor disclosed it. MOVEit Transfer is a managed file transfer solution used in enterprise environments to ...
5 months ago Bleepingcomputer.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
MoveIt Transfer vulnerability targeted amid disclosure drama - Another vulnerability in Progress Software's MoveIt Transfer product is under attack amid an apparent leak of flaw. In security alerts published on Tuesday, Progress detailed two critical improper authentication vulnerabilities, one tracked as ...
5 months ago Techtarget.com
Progress Discloses Two New Vulnerabilities in MOVEit Products - Progress Software has disclosed two fresh vulnerabilities in its MOVEit file transfer products. The first is an authentication bypass affecting the MOVEit Transfer SFTP service in a default configuration. It affects the Secure File Transfer Protocol ...
5 months ago Infosecurity-magazine.com
MOVEit victim count latest: 2.6K+ orgs, 77M+ people The Register - Quick show of hands: whose data hasn't been stolen in the mass exploitation of Progress Software's vulnerable MOVEit file transfer application? Anyone? According to security shop Emsisoft, 2,620 organizations and more than 77 million individuals have ...
1 year ago Theregister.com
MOVEit Hackers Accessed 632,000 Email Addresses at Defense, DOJ - The report, by the US Office of Personnel Management, provides new details about a cyberattack in which hackers exploited flaws in MOVEit, a popular file-transfer tool. Federal cybersecurity officers previously confirmed that government agencies were ...
1 year ago Bloomberg.com
CVE-2023-40043 - ...
1 year ago
Auto parts giant AutoZone warns of MOVEit data breach - AutoZone is warning tens of thousands of its customers that it suffered a data breach as part of the Clop MOVEit file transfer attacks. AutoZone is the leading retailer and distributor of automotive spare parts and accessories in the U.S., operating ...
1 year ago Bleepingcomputer.com
Discovering SSRF Flaws in Microsoft Azure Services - Microsoft Azure is an incredibly popular cloud computing platform and its services are used around the world. Recently, security researchers uncovered several Server-Side Request Forgery (SSRF) flaws in many of Microsoft Azure’s services. This type ...
1 year ago Securityaffairs.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
2 months ago Helpnetsecurity.com
Egress Security: Part of a Holistic, Multidirectional Security Strategy for Today's Multicloud World - According to Enterprise Strategy Group, more than half of production workloads will be running on public cloud infrastructure within the next two years, positioning cloud computing center-stage as the best practice for solving critical business ...
10 months ago Feedpress.me
CVE-2023-35036 - In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an ...
1 year ago
CVE-2023-35708 - In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an ...
1 year ago
CVE-2023-36934 - In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that ...
1 year ago
CVE-2023-36932 - In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web ...
1 year ago
CVE-2023-42660 - ...
1 year ago
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
11 months ago Feeds.dzone.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
11 months ago Microsoft.com
Google and Apple Admit Government Spies On Users Via Push Notifications - Government authorities have been snooping on smartphone users via push notifications sent out by applications, wrote a US senator in a letter to the Department of Justice on December 6. Senator Ron Wyden of Oregon has requested that the Department of ...
11 months ago Cysecurity.news
Understanding the 2024 Cloud Security Landscape - As we swiftly move towards the second quarter of 2024, predictions by cloud security reports highlight the challenges of cloud adoption in the cloud security landscape. This growing reliance on cloud infrastructure raises the critical issue of ...
8 months ago Feeds.dzone.com
Blue Shield of California members' Social Security numbers, other data stolen - Sensitive data from Blue Shield of California vision policy holders - including Social Security numbers, birth dates and addresses - may be among confidential patient information accessed by criminal hackers, the Oakland-based health insurance giant ...
1 year ago Siliconvalley.com
Delta Dental of California Discloses Data Breach Impacting 6.9 Million People - Dental insurance giant Delta Dental of California is informing more than 6.9 million individuals that their personal information was compromised as result of the MOVEit hacking incident. In notification letters it started sending out last week to the ...
11 months ago Securityweek.com
Integration of Cisco Secure Threat Defense Virtual with Megaport - Business critical data can originate from diverse sources ranging from multiple public clouds, private clouds, and internal servers to a remote employee's device. Securing each data entity individually is time consuming and challenging due to lack of ...
6 months ago Feedpress.me
Five business use cases for evaluating Azure Virtual WAN security solutions - To help organizations who are evaluating security solutions to protect their Virtual WAN deployments, this article considers five business use cases and explains how Check Point enhances and complements Azure security with its best-of-breed, ...
6 months ago Blog.checkpoint.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)