Security News > 2023 > July > Deloitte and Chuck E. Cheese join 500+ orgs as MOVEit victims

Deloitte and Chuck E. Cheese join 500+ orgs as MOVEit victims
2023-07-27 20:01

Accounting giant Deloitte, pizza and birthday party chain Chuck E. Cheese, government contractor Maximus, and the Hallmark Channel are among the latest victims that the Russian ransomware crew Clop claims to have breached using the MOVEit file transfer hack.

"Immediately upon becoming aware of this zero-day vulnerability, Deloitte applied the vendor's security updates and performed mitigating actions in accordance with the vendor's guidance," a Deloitte Global spokesperson explained.

In a statement provided to The Register, a spokesperson said Maximus responded "Quickly" to mitigate the MOVEit vulnerability, and is continuing investigating the incident.

"To be clear, we have not identified any impact from the MOVEit vulnerability on other parts of our corporate network and remain confident in the integrity of the network," the Maximus spokesperson said.

Progress Software, which makes the MOVEit file transfer suite, is facing multiple class-action lawsuits stemming from the vulnerability.

Progress Software initially disclosed the first MOVEit bug, a SQL injection vulnerability tracked as CVE-2023-34362, on May 31 and patched it the next day.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/07/27/deloitte_moveit_hack/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2023-34362 SQL Injection vulnerability in Progress Moveit Cloud and Moveit Transfer
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database.
network
low complexity
progress CWE-89
critical
9.8