Regulator, insurers and customers all coming for Progress after MOVEit breach

2023-10-16 02:58

Infosec in brief The fallout from the exploitation of bugs in Progress Software's MOVEit file transfer software continues, with the US Securities and Exchange Commission now investigating the matter, and lots of affected parties seeking compensation.

Per the disclosure, it received a subpoena from the SEC on October 2, in which the Commission asked for "Various documents and information relating to the MOVEit Vulnerability."

"We are party to 58 class action lawsuits filed by individuals who claim to have been impacted by the exfiltration of data from the environments of our MOVEit Transfer customers," Progress stated in the filing.

Progress has also received "Formal letters" from 23 MOVEit customers who claim the vulnerability has cost them money, and some "Have indicated that they intend to seek indemnification." In addition, Progress is also facing a subrogation claim from an insurer, which means it's "Seeking recovery for all expenses incurred in connection with the MOVEit Vulnerability."

A recently discovered exploit in another Progress file transferring app, WS FTP, merited barely a mention in the SEC filing.

The aforementioned Progress software exploits, along with Log4j and other well-known vulnerabilities, all indicate that they've been used by ransomware actors.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/10/16/infosec_in_brief/

#breach #moveit #progress #regulator

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Progress		26	3	41	24	10	78