Security News > 2023 > June > MOVEit mayhem 3: “Disable HTTP and HTTPS traffic immediately”
"Disable HTTP and HTTPS traffic to MOVEit Transfer," says Progress Software, and the timeframe for doing so is "Immediately", no ifs, no buts.
Progress Software is the maker of file-sharing software MOVEit Transfer, and the hosted MOVEit Cloud alternative that's based on it, and this is its third warning in three weeks about hackable vulnerabilities in its product.
At the end of May 2023, cyberextortion criminals associated with the Clop ransomware gang were found to be using a zero-day exploit to break into servers running the MOVEit product's web front-end.
We have taken HTTPS traffic down for MOVEit Cloud in light of the newly published vulnerability and are asking all MOVEit Transfer customers to immediately take down their HTTP and HTTPS traffic to safeguard their environments while the patch is finalized.
As Progress has mentioned before, this group of so-called command injection bugs can only be triggered via MOVEit's web-based portal, using HTTP or HTTPS requests.
Disable all HTTP and HTTPs traffic to your MOVEit Transfer environment.