Security News > 2023 > June > More MOVEit mitigations: new patches published for further protection
Even if you're not a MOVEit customer, and even if you'd never heard of the MOVEit file sharing software before the end of last month.
As you can imagine, because this security hole existed in the web front-end to the MOVEit software, and because MOVEit is all about uploading, sharing and downloading corporate files with ease, these criminals abused the bug to grab hold of trophy data to give themselves blackmail leverage over their victims.
SQL INJECTION AND WEBSHELLS EXPLAINED. For a jargon-free explanation of how bugs of this type come about, and a rundown of one of the malware installation schemes used by the attackers when they exploited the hole, see our earlier explainer article entitled MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do Patches published quickly.
Well, here's a spot of good but urgent news from the no-doubt beleaguered developers at Progress Software: they've just published yet more patches for the MOVEit Transfer product.
All MOVEit Transfer customers must apply the new patch, released on June 9.
Even though this means more work for MOVEit customers, we'll say again that we consider this good news, because latent bugs that might otherwise have turned into yet more zero-day holes have now been closed off proactively.