EMEA Cybersecurity
Contact Us
Get A Quote
Written by Cyber Threat Intelligence Unit on 31 August 2023

Critical Alert: MOVEit Vulnerabilities Urgent Patching Required to Thwart Cyber Threats

The estimated reading time is approximately 4 to 5 minutes.

 

 

Opening a concerning chapter in cybersecurity, the discovery of the third flaw in MOVEit, known as CVE-2023-35708, which is an SQL injection vulnerability with a potential escalation privilege technique. MOVEit urges clients to turn off all HTTP and HTTPS traffic on ports 80 and 443 to MOVEit Traffic to safeguard the environment. Theoretically, a threat actor could submit a crafted payload to a MOVEit Transfer application endpoint that would modify and disclose MOVEit database content. The vulnerability impacts MOVEit Transfer versions before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3).

 

Two other vulnerabilities were discovered last week: CVE-2023-35036 and CVE-2023-34362. CVE-2023-35036 is another SQL Injection that can be used to access the application's database content, which was disclosed on June 9, 2023. The bright(ish) news is that the second vulnerability has not been exploited in the wild. Not the same can be said about the 0-day that began this all. CVE-2023-34362 is the 0-day exploit that started it all, which has been present since at least July 2021 but remained undisclosed until May 31st.

 

Cl0p^, known as a ransomware group, has broadcast their use of the 0day to attack over 27 organizations and counting, including the US Department of Energy. Unfortunately, according to Censys, a web-based search platform, close to 31% of over 1,400 exposed hosts running MOVEit are in the financial services industry, 16% in healthcare, 9% in information technology, and 8% in government and military sectors, while almost 80% of the servers are in the U.S.

Progress Software has released an update to address the third vulnerability which is impacting its MOVEit Transfer application in the following versions: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3).

 

Threat actors will not wait until your organization is all patched up. Most do not have any mercy. If there is one entry point, it's enough for them to weasel their way in.

 

We recommend installing the patches available on all systems with vulnerable MOVEit. With Cl0p^ going through the list of possible targets, there is a better time to play the risk.

Source
https://thehackernews.com/2023/06/third-flaw-uncovered-in-moveit-transfer.html
https://techcrunch.com/2023/06/16/us-confirms-federal-agencies-hit-by-moveit-breach-as-hackers-list-more-victims/
https://www.darkreading.com/vulnerabilities-threats/third-moveit-transfer-vulnerability-progress-software
https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/

Related Posts

Hitachi Systems Trusted Cyber Management Appoints Gajen Kandiah as Chairman of the Board

22 January 2024
SANTA CLARA, CALIFORNIA—January 22, 2024— Hitachi Systems Trusted Cyber Management (HSTCM) is pleased to announce the appointment of Gajen Kandiah as its new Chairman of the Board, effective January 1, 2024. Kandiah succeeds Shin Kuno, who served as Chairman of the HSTCM Board since September 2022.
Read more

Fortify Your Cyber Resilience: The Impact of Purple Team Tabletop Exercises

29 November 2023
In an era where cyberattacks have become an unavoidable reality, organizations are grappling with the constant threat of security breaches. Hitachi Systems Security is at the forefront of combating this challenge with an innovative approach - the Purple Team Tabletop Exercise. This cybersecurity training and testing method redefines how organizations respond to cyber threats and […]
Read more

Safeguarding Your E-commerce and Customers This Black Friday

21 November 2023
With Black Friday in full swing, businesses operating e-commerce platforms find themselves at the forefront of the digital shopping frenzy. As consumers eagerly seize cyber deals, the importance of maintaining vigilance online cannot be overstated. The surge in online shopping also brings with it an increased risk of scams and data theft. Traditionally, credit card […]
Read more
phone-handsetcrossmenu