Security News

The chart shows that extortion attacks with the lowest complexity and automation have the least impact on victims and cost to the attackers. On May 27th, the Clop ransomware gang began widespread data-theft attacks exploiting a zero-day vulnerability in the MOVEit Transfer secure file transfer platform.

As of today, the number of affected organizations is closing is on 400 and include some really big names: the US Department of Energy and other federal agencies as well as huge corporations like energy company Shell, Deutsche Bank, consulting and business services firm PwC, and retail giant TJX Companies, which confirmed to The Register on Wednesday that "Some files were downloaded by an unauthorized third party before Progress notified us of the vulnerability." As the infosec team notes, some of the companies whose MOVEit installations were breached provide services to many other organizations.

Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer.The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized access to the MOVEit Transfer database.

"An SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database," reads Progress's security bulletin. "An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content" - MOVEit Transfer advisory.

Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform.Today, Clop listed Siemens Energy on their data leak site, indicating that data was stolen during a breach on the company.

The New York City Department of Education says hackers stole documents containing the sensitive personal information of up to 45,000 students from its MOVEit Transfer server.The Clop ransomware gang has claimed responsibility for the CVE-2023-34362 MOVEit Transfer attacks on June 5 in a statement shared with BleepingComputer, with the cybercrime gang saying it breached the MOVEit servers of "Hundreds of companies."

The compromise of PBI Research and The Berwyn Group's MOVEit installation has resulted in the theft of data belonging to several pension systems and insurance companies - and millions of their users. The fallout from the PBI Research MOVEit compromise.

PBI Research Services has suffered a data breach with three clients disclosing that the data for 4.75 million people was stolen in the recent MOVEit Transfer data-theft attacks. In a MOVEit Security Event notice published on their website, Genworth says PBI informed them of the security breach on May 29th, 2023, and verified on June 16th that customers' personal data was stolen.

Progress Software has asked customers to update their MOVEit Transfer installations again, to fix a third SQL injection vulnerability discovered in the web application in less that a month. "An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content," the company said on Thursday.

Progress Software on Friday issued a fix for a third critical bug in its MOVEit file transfer suite, a vulnerability that had just been disclosed the day earlier. A researcher who goes by the handle MCKSys Argentina confirmed to The Register that a June 16 MOVEit patch for CVE-2023-35708 mitigated the researcher's PoC exploit code, which was shared in screenshot form.