Security News > 2023 > June > New MOVEit Transfer zero-day mass-exploited in data theft attacks

Hackers are actively exploiting a zero-day vulnerability in the MOVEit Transfer file transfer software to steal data from organizations.

MOVEit Transfer is a managed file transfer solution developed by Ipswitch, a subsidiary of US-based Progress Software Corporation, that allows the enterprise to securely transfer files between business partners and customers using SFTP, SCP, and HTTP-based uploads.

Progress MOVEit Transfer is offered as an on-premise solution managed by the customer and a cloud SaaS platform managed by the developer.

BleepingComputer has learned that threat actors have been exploiting a zero-day in the MOVEit MFT software to perform mass downloading of data from organizations.

"Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment," reads a security advisory from Progress.

"If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment, while our team produces a patch."

News URL

https://www.bleepingcomputer.com/news/security/new-moveit-transfer-zero-day-mass-exploited-in-data-theft-attacks/