June 10, 2023Ravi LakshmananVulnerability / Cyber ​​Threat

Progress Software, developer of the MOVEit Transfer application, has released patches to address a new SQL injection vulnerability affecting its file transfer solution that allows the theft of sensitive information.

“Multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application, which could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database,” the company said. Said In a recommendation released on June 9, 2023.

“An attacker could send a specially crafted payload to the MOVEit Transfer application endpoint, resulting in the modification and disclosure of the contents of the MOVEit database.”

This flaw affecting all versions of the service is resolved in MOVEit Transfer versions 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1) it was done. .6), and 2023.0.2 (15.0.2).all MOVEit cloud instance Fully patched.

cyber security

Cybersecurity firm Huntress credited Discover and report vulnerabilities as part of a code review. Progress Software said it has not observed any indication that the newly discovered flaw is being exploited in the wild.

This development comes after the previously reported MOVEit Transfer vulnerability (CVE-2023-34362) was extensively exploited to drop a web shell onto the targeted system.

The activity is attributed to the notorious Cl0p ransomware gang, which has been organizing data theft campaigns and exploiting zero-day bugs in various managed file transfer platforms since December 2020.

upcoming webinars

🔐 Mastering API Security: Understanding Your True Attack Surface

Discover untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join us for an insightful webinar!

join the session

Kroll, an enterprise research and risk consulting firm, has been experimenting with how cybercrime gangs have exploited CVE-2023-34362 as far back as July 2021, extracting data from compromised MOVEit servers since at least April 2022. I also found evidence that they had devised a way to do it. .

Much of the malicious reconnaissance and testing activity in July 2021 was manual in nature until April 2022, when they switched to automated mechanisms to investigate and gather information from multiple organizations. It is said that

“The Clop threat actor appears to have completed the MOVEit Transfer exploit at the time of the GoAnywhere event and chose to execute the attack sequentially rather than in parallel,” the company said. “These findings highlight significant planning and preparation that presumably precedes large-scale exploitation events.”

Cl0p actors have also issued extortion notices to affected companies, asking them to contact the group by June 14, 2023 or publish the stolen information on a data exfiltration site.

Did you enjoy this article? Follow us twitter and LinkedIn To read more of the exclusive content we post.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog