MoveIt Transfer vulnerability targeted amid disclosure drama

Another vulnerability in Progress Software's MoveIt Transfer product is under attack amid an apparent leak of the flaw.
In security alerts published on Tuesday, Progress detailed two critical improper authentication vulnerabilities, one tracked as CVE-2024-5806 affecting its MoveIt Transfer product and another assigned CVE-2024-5805 in its MoveIt Gateway product.
Reports of exploitation against CVE-2024-5806 are mounting, and given past attacks on the product, patching is crucial.
Last year, the Clop ransomware group claimed thousands of MoveIt Transfer customers as victims by exploiting a different zero-day vulnerability in the managed file transfer product.
The Shadowserver Foundation, a non-profit cybersecurity organization, began observing exploitation attempts against CVE-2024-5806 on Tuesday.
The organization emphasized that exploitation started promptly following public disclosure, a trend that's become increasingly concerning for the infosec industry.
Progress released fixes for both flaws on June 11 and urged users to upgrade to the latest MoveIt versions.
Progress clarified the disclosure timeline in a statement to TechTarget Editorial on Tuesday.
Progress said it still has not received reports of exploitation as of Wednesday.
Just prior to Progress Software's public disclosure of CVE-2024-5806 on Tuesday, cybersecurity vendor WatchTowr Labs revealed in a blog post that an anonymous source, who goes by the handle dav1d b141ne, had previously published details about the vulnerability in an internet relay chat.
According to a chat transcript sent to WatchTowr, dav1d b141ne said that Progress Software was contacting customers regarding an improper authentication bypass vulnerability in its MoveIt Transfer product.
While testing the vulnerability, WatchTowr researchers concluded that the issue involves two separate vulnerabilities: one in Progress MoveIt and one in a third-party library for IPWorks SSH server.
WatchTowr stressed that the vulnerability resulted from the interplay between MoveIt and IPWorks SSH, specifically a failure to handle an error condition.
WatchTowr researchers stressed that this type of vulnerability is not easily discoverable, and it remains unclear how Progress Software and dav1d b141ne discovered it.
WatchTowr applauded Progress Software on the condition that it found the vulnerability during a routine code review and analyzed the root cause.
Progress Software has since removed 'limited scenarios' language from the advisory.
WatchTowr also applauded Progress Software's private disclosure process with customers that may have been ongoing for weeks or months.
Ryan Emmons, lead security researcher at Rapid7, also addressed the vulnerabilities in a blog post published on Tuesday and warned exploitation could lead to an authentication bypass.
While testing a vulnerable MoveIt Transfer instance, Emmons said Rapid7 researchers discovered three concerning risks.
Caitlin Condon, director of vulnerability research and intelligence at Rapid7, told TechTarget Editorial that the security vendor had not received reports of exploitation as of Wednesday.


This Cyber News was published on www.techtarget.com. Publication date: Wed, 26 Jun 2024 19:13:05 +0000

