Security News

Louisiana and Oregon warn that millions of driver's licenses were exposed in a data breach after a ransomware gang hacked their MOVEit Transfer security file transfer systems to steal stored data. The agency says there is no indication that Clop used, sold, shared, or released any of that data, so the stolen data may have been deleted as the ransomware actors promised in their announcement to delete any stolen government data.

Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies. The company is urging all its customers to disable all HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443 to safeguard their environments while a patch is being prepared to address the weakness.

The US Department of Energy and other federal bodies are among a growing list of organizations hit by Russians exploiting the MOVEit file-transfer vulnerability. Many orgs, including the US government, have been hit via this flaw, with Clop blamed for this mass exploitation.

"Disable HTTP and HTTPS traffic to MOVEit Transfer," says Progress Software, and the timeframe for doing so is "Immediately", no ifs, no buts. Progress Software is the maker of file-sharing software MOVEit Transfer, and the hosted MOVEit Cloud alternative that's based on it, and this is its third warning in three weeks about hackable vulnerabilities in its product.

Progress warned MOVEit Transfer customers to restrict all HTTP access to their environments after info on a new SQL injection vulnerability was shared online today. "Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment," Progress said.

The Clop ransomware gang has started extorting companies impacted by the MOVEit data theft attacks, first listing the company's names on a data leak site-an often-employed tactic before public disclosure of stolen information. The Clop gang took responsibility for the attacks, claiming to have breached "Hundreds of companies" and warning that their names would be added to a data leak site on June 14th if negotiations did not occur.

As more victim organizations of Cl0p gang's MOVEit rampage continue popping up, security researchers have released a PoC exploit for CVE-2023-34362, the RCE vulnerability exploited by the Cl0p cyber extortion group to plunder confidential data. Rapid7 has released an analysis of the vulnerability and a full exploit chain for CVE-2023-34362.

Two more organizations hit in the mass exploitation of the MOVEit file-transfer tool have been named - the Minnesota Department of Education in the US, and the UK's telco regulator Ofcom - just days after security researchers discovered additional flaws in Progress Software's buggy suite. Ofcom disclosed this week it is among the businesses and public bodies that have had their internal data stolen by crooks exploiting a MOVEit flaw.

Horizon3 security researchers have released proof-of-concept exploit code for a remote code execution bug in the MOVEit Transfer managed file transfer solution abused by the Clop ransomware gang in data theft attacks. With the release of this RCE PoC exploit, more threat actors will likely move quickly to deploy it in attacks or create their own custom versions to target any unpatched servers left exposed to Internet access.

Progress Software customers who use the MOVEit Transfer managed file transfer solution might not want to hear it, but they should quickly patch their on-prem installations again: With the help of researchers from Huntress, the company has uncovered additional SQL injection vulnerabilities that could potentially be used by unauthenticated attackers to grab data from the web application's database. "The investigation is ongoing, but currently, we have not seen indications that these newly discovered vulnerabilities have been exploited," the company said, and confirmed that they've "Deployed a new patch to all MOVEit Cloud clusters to address the new vulnerabilities."