Security news aggregator

Latest coverage for MOVEit

MOVEit is a managed file-transfer platform whose vulnerabilities can expose sensitive data and enable unauthorized access to connected systems.

10 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

MOVEit is Progress’s managed file-transfer platform for exchanging and automating transfers of files between organizations, users, applications, and business partners. Deployments may include the web-based MOVEit Transfer server, APIs, and cloud services, often handling payroll, health, financial, or other sensitive records.

Its security significance centers on internet-facing transfer interfaces and the concentration of valuable data in the platform. SQL-injection flaws in MOVEit Transfer, including CVE-2023-34362, were exploited to access systems and steal files, making prompt application of vendor security updates and careful asset inventory essential. Practitioners should restrict administrative access, review exposed services and API permissions, monitor for unusual authentication or download activity, and preserve relevant server and web logs. After a suspected compromise, organizations need to determine which files and accounts were accessed, because the platform’s contents may trigger privacy, contractual, or regulatory reporting obligations.

Volume over time

Weekly headline count for the current query.

Showing 10 most recent headlines Filtered view
Bank Info Security 2 months, 2 weeks ago

NY Fines Delta Dental $2.25M Over 2023 MOVEit Hack

Investigators Find Violations of State Cyber RegulationsNew York fined Delta Dental $2.25 million for the company's response to the mass exploit of a zero-day vulnerability in Progress Software' MOVEit file transfer application. Delta Dental is one of thousands of organizations caught up in the blast radius of an automated 2023 Memorial Day hack.

Bank Info Security 10 months, 3 weeks ago

Nuance Agrees to Pay $8.5M to Settle MOVEit Hack Litigation

Settlement Is Latest Among Scores of Other MOVEit Lawsuits Still PendingNuance Communications, a Microsoft subsidiary, has agreed to pay $8.5 million to settle class action litigation filed after hackers exploited a zero-day flaw in Progress Software's MOVEit file transfer software in 2023, stealing data belonging to more than a dozen of Nuance's healthcare clients.

Attackers Catalog IP Addresses With Open Ports, Seeking Exploitable ServicesSomeone - nobody knows who - is performing mass internet scans probing for MOVEit secure file-transfer installations, in what may be the precursor to a mass attack. Attackers regularly scan IP addresses for open ports, seeking exploitable services and devices.

Bank Info Security 27 Jun 2025, 5:30 a.m. MOVEit

File-Transfer Software Being Exploited by One or More Groups; Vendor Pushes PatchesThe ransomware group Clop is claiming credit for the mass exploitation of managed file-transfer software built by Cleo Communications, following on from the similar targeting of MOVEit file-transfer in 2023. Many large organizations rely on the MFT server software to securely transfer files.

Bank Info Security 1 year, 9 months ago

CMS Now Says 3.1 Million Affected by MOVEit Hack

New Estimate Is 3 Times Higher Than Number Agency Initially Publicly DisclosedThe U.S. Centers for Medicare and Medicaid Services has updated the scope of the MOVEit hacking breach last year, telling a sister agency that the software supply chain attack affected more than 3.1 million individuals - about three times the number of victims disclosed publicly earlier this month.

Bank Info Security 1 year, 10 months ago

Credit Union Issues Belated MOVEit Data Breach Notification

Texas Credit Union Only Just Notifying 500,000 Members About May 2023 Data TheftFifteen months after a massive supply-chain attack hit users of MOVEit secure file-transfer software, Texas Dow Employees Credit Union has issued a data breach notification pertaining to 500,474 victims, saying it only discovered last month their personally identifiable information got stolen.

Progress Software: 'Newly Disclosed Third-Party Vulnerability Introduces New Risk'Hackers jumped on a new flaw in Progress Software's MOVEit managed file transfer application just hours after maker Progress Software publicly disclosed the critical flaw, which allowsattackers to bypass authentication. Customers of the Massachusetts company are no strangers to emergency patching.

Bank Info Security 2 years, 2 months ago

Verizon Breach Report: Vulnerability Hacks Tripled in 2023

Data Breach Report Lead Author Alex Pinto Discusses Top Findings, Best PracticesVerizon's 17th annual 2024 Data Breach Investigations Report highlights a troubling trend: The exploitation of vulnerabilities in the wild has tripled, primarily due to ransomware actors targeting zero-day vulnerabilities, such as the MOVEit flaw that triggered numerous data theft incidents.

Bank Info Security 2 years, 7 months ago

Welltok's MOVEit Hack Affects Nearly 8.5 Million, So Far

About 2 Dozen Welltok Health Plan Clients Affected in File Transfer Software HackThe tally of individuals whose health data was compromised in a hack on MOVEit file transfer software used by Welltok, a provider of online wellness resources to dozens of health plans, has soared to nearly 8.5 million. The hack is among the biggest health data breaches reported so far this year.

Bank Info Security 2 years, 7 months ago

Known MOVEit Attack Victim Count Reaches 2,618 Organizations

77 Million Individuals' Information Exposed, as More Victims Continue to Be CountedTrackers of the tally of individuals affected by the Clop ransomware group's mass hack attack on MOVEit servers added another 4.5 million patients' data to the ever-ascending total. The incident currently affects more than 2,600 organizations and 77 million individuals.