S3 Ep140: So you think you know ransomware?
2023-06-22 20:48

DUCK. I don't know whether that's true, but I like to think it is.

Before we get to stuff that's in the news, we are pleased, nay thrilled, to announce the first of three episodes of Think You Know Ransomware?

Some of our readers are saying, "Well, I went and had a look; I've got one of those routers and it's on the list, but there are no patches *now*. But I did get some patches a little while ago that seemed to fix these problems, so why the advisory *now*?"

DUCK. I think you're right, Doug, because I don't really know why, given that for some of the routers these patches had already appeared, why *now*?

Just to recap, the first one was CVE-2023-34362, which is when Progress Software said, "Oh no! There's a zero-day - we genuinely didn't know about this. It's a SQL injection, a command injection problem. Here's the patch. But it was a zero-day, and we found out about it because ransomware crooks, extortion crooks, were actively exploiting this. Here are some Indicators of Compromise [IoCs]."

So Progress Software said, "Look, somebody dropped this 0-day; we didn't know about it; we're working on the patch. In this tiny interim period, just turn off your web interface, and let us finish testing the patch."


News URL

https://nakedsecurity.sophos.com/2023/06/22/s3-ep140-so-you-think-you-know-ransomware/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2023-06-02 | CVE-2023-34362 | SQL Injection vulnerability in Progress Moveit Cloud and Moveit Transfer | critical, 9.8 (network, low complexity; progress; CWE-89) |

In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database.