Security News

Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software
2023-07-07 14:01

Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer.The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized access to the MOVEit Transfer database.

MOVEit Transfer customers warned to patch new critical flaw
2023-07-07 12:35

"An SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database," reads Progress's security bulletin. "An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content" - MOVEit Transfer advisory.

Siemens Energy confirms data breach after MOVEit data-theft attack
2023-06-27 18:11

Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform.Today, Clop listed Siemens Energy on their data leak site, indicating that data was stolen during a breach on the company.

Hackers steal data of 45,000 New York City students in MOVEit breach
2023-06-26 16:15

The New York City Department of Education says hackers stole documents containing the sensitive personal information of up to 45,000 students from its MOVEit Transfer server.The Clop ransomware gang has claimed responsibility for the CVE-2023-34362 MOVEit Transfer attacks on June 5 in a statement shared with BleepingComputer, with the cybercrime gang saying it breached the MOVEit servers of "Hundreds of companies."

MOVEit compromise affects pension systems, insurers
2023-06-26 11:23

The compromise of PBI Research and The Berwyn Group's MOVEit installation has resulted in the theft of data belonging to several pension systems and insurance companies - and millions of their users. The fallout from the PBI Research MOVEit compromise.

MOVEIt breach impacts GenWorth, CalPERS as data for 3.2 million exposed
2023-06-23 15:06

PBI Research Services has suffered a data breach with three clients disclosing that the data for 4.75 million people was stolen in the recent MOVEit Transfer data-theft attacks. In a MOVEit Security Event notice published on their website, Genworth says PBI informed them of the security breach on May 29th, 2023, and verified on June 16th that customers' personal data was stolen.

A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708)
2023-06-19 11:56

Progress Software has asked customers to update their MOVEit Transfer installations again, to fix a third SQL injection vulnerability discovered in the web application in less that a month. "An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content," the company said on Thursday.

Third MOVEit bug fixed a day after PoC exploit made public
2023-06-16 23:05

Progress Software on Friday issued a fix for a third critical bug in its MOVEit file transfer suite, a vulnerability that had just been disclosed the day earlier. A researcher who goes by the handle MCKSys Argentina confirmed to The Register that a June 16 MOVEit patch for CVE-2023-35708 mitigated the researcher's PoC exploit code, which was shared in screenshot form.

Millions of Oregon, Louisiana state IDs stolen in MOVEit breach
2023-06-16 14:28

Louisiana and Oregon warn that millions of driver's licenses were exposed in a data breach after a ransomware gang hacked their MOVEit Transfer security file transfer systems to steal stored data. The agency says there is no indication that Clop used, sold, shared, or released any of that data, so the stolen data may have been deleted as the ransomware actors promised in their announcement to delete any stolen government data.

Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack
2023-06-16 03:35

Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies. The company is urging all its customers to disable all HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443 to safeguard their environments while a patch is being prepared to address the weakness.