Progress warns of critical MOVEit Automation auth bypass flaw
Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. [...]
MOVEit is a managed file-transfer platform whose vulnerabilities can expose sensitive data and enable unauthorized access to connected systems.
Search across headline titles and summaries.
Background for this topic.
MOVEit is Progress’s managed file-transfer platform for exchanging and automating transfers of files between organizations, users, applications, and business partners. Deployments may include the web-based MOVEit Transfer server, APIs, and cloud services, often handling payroll, health, financial, or other sensitive records.
Its security significance centers on internet-facing transfer interfaces and the concentration of valuable data in the platform. SQL-injection flaws in MOVEit Transfer, including CVE-2023-34362, were exploited to access systems and steal files, making prompt application of vendor security updates and careful asset inventory essential. Practitioners should restrict administrative access, review exposed services and API permissions, monitor for unusual authentication or download activity, and preserve relevant server and web logs. After a suspected compromise, organizations need to determine which files and accounts were accessed, because the platform’s contents may trigger privacy, contractual, or regulatory reporting obligations.
Weekly headline count for the current query.
Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. [...]
Amazon confirmed a data breach involving employee information after data allegedly stolen during the May 2023 MOVEit attacks was leaked on a hacking forum. [...]
The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of more than three million health plan beneficiaries was exposed in the MOVEit attacks Cl0p ransomware conducted last year. [...]
The SEC concludes its investigation into Progress Software's handling of the widespread exploitation of a MOVEit Transfer zero-day flaw that exposed data of over 95 million people. [...]
Threat actors are attempting to exploit a critical authentication bypass flaw impacting Progress MOVEit Transfer, which the vendor disclosed yesterday. [...]
The University System of Georgia (USG) is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks. [...]
Delta Dental of California and its affiliates are warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. [...]
Delta Dental of California is warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. [...]
AutoZone is warning tens of thousands of its customers that it suffered a data breach as part of the Clop MOVEit file transfer attacks. [...]
The State of Maine has announced that its systems were breached after threat actors exploited a vulnerability in the MOVEit file transfer tool and accessed personal information of about 1.3 million, which is close to the state's entire population. [...]
This week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout of the MOVEit breaches to be disclosed. [...]
Progress, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS_FTP Server software. [...]
The Better Outcomes Registry & Network (BORN), a healthcare organization funded by the government of Ontario, has announced that it is among the victims of Clop ransomware's MOVEit hacking spree. [...]
When a cyberattack like the 2023 MOVEit hack makes global news headlines, attention often focuses on the names of the affected organizations. This article from @Outpost24 overviews the Moveit hack and aims to draw some important actionable takeaways for your business. [...]
The Colorado Department of Health Care Policy & Financing (HCPF) is alerting more than four million individuals of a data breach that impacted their personal and health information. [...]
Missouri's Department of Social Services warns that protected Medicaid healthcare information was exposed in a data breach after IBM suffered a MOVEit data theft attack. [...]
The Clop ransomware gang has once again altered extortion tactics and is now using torrents to leak data stolen in MOVEit attacks. [...]
Serco Inc, the Americas division of multinational outsourcing company Serco Group, has disclosed a data breach after attackers stole the personal information of over 10,000 individuals from a third-party vendor's MoveIT managed file transfer (MFT) server. [...]
U.S. government services contractor Maximus has disclosed a data breach warning that hackers stole the personal data of 8 to 11 million people during the recent MOVEit Transfer data-theft attacks. [...]
The Clop ransomware gang is copying an ALPHV ransomware gang extortion tactic by creating Internet-accessible websites dedicated to specific victims, making it easier to leak stolen data and further pressuring victims into paying a ransom. [...]