CISA orders govt agencies to patch MOVEit bug used for data theft (June 2023)
CISA has added an actively exploited security bug in the Progress MOVEit Transfer managed file transfer solution to its list of known exploited vulnerabilities, ordering U.S. federal agencies to patch their systems by June 23.
The critical flaw is an SQL injection vulnerability that enables unauthenticated, remote attackers to gain access to MOVEit Transfer's database and execute arbitrary code.
Progress advises all customers to patch their MOVEit Transfer instances to block exploitation attempts and potential breaches.
You can find the list of affected MOVEit Transfer versions and the fixed versions in the table embedded below.
Currently, there are more than 2,500 MOVEit Transfer servers on the Internet, most of which are in the United States.
Mandiant also found possible links between attacks targeting MOVEit Transfer servers and the FIN11 financially-motivated threat group, known for data theft extortion attempts through the Clop ransomware gang's leak site following exploitation of zero-days in other file transfer systems.