MOVEit Transfer Systems Face Fresh Attack Risk Following Scanning Activity Surge
GreyNoise observed a surge in scanning activity targeting MOVEit Transfer systems since May 27, indicating the software could face renewed attacks
MOVEit is a managed file-transfer platform whose vulnerabilities can expose sensitive data and enable unauthorized access to connected systems.
Search across headline titles and summaries.
Background for this topic.
MOVEit is Progress’s managed file-transfer platform for exchanging and automating transfers of files between organizations, users, applications, and business partners. Deployments may include the web-based MOVEit Transfer server, APIs, and cloud services, often handling payroll, health, financial, or other sensitive records.
Its security significance centers on internet-facing transfer interfaces and the concentration of valuable data in the platform. SQL-injection flaws in MOVEit Transfer, including CVE-2023-34362, were exploited to access systems and steal files, making prompt application of vendor security updates and careful asset inventory essential. Practitioners should restrict administrative access, review exposed services and API permissions, monitor for unusual authentication or download activity, and preserve relevant server and web logs. After a suspected compromise, organizations need to determine which files and accounts were accessed, because the platform’s contents may trigger privacy, contractual, or regulatory reporting obligations.
Weekly headline count for the current query.
GreyNoise observed a surge in scanning activity targeting MOVEit Transfer systems since May 27, indicating the software could face renewed attacks
An individual who posted data allegedly stolen via MOVEit from Amazon and other big-name firms claims not to be malicious
The Texas Dow Employees Credit Union told the Maine Attorney General the MOVEit data breach compromised information of over 500,000 members
After months of investigation, the SEC decided not to recommend any enforcement action against software provider Progress regarding the supply chain attack
Two authentication bypass vulnerabilities affect Progress Software’s MOVEit Transfer SFTP service in a default configuration and MOVEit Gateway
The MOVEit hack, OpenAI service targeting and Android spyware top the threat landscape in H2 2023, according to ESET
Unauthorized actors breached health data, including details related to dental procedures and claims
Lace Tempest looks to spread Clop malware to victims
The incident occurred between May 27 and 31 2023, before MOVEit Transfer vulnerability was publicly disclosed
CVSS 10.0 flaw was found in the WS_FTP Server software
National Student Clearinghouse reveals more details of incident
The data breach is suspected to be linked to the Clop MOVEit hack
NCC Group researchers observed 502 ransomware attacks in July 2023, with a large proportion made up of Clop’s continued exploitation of MOVEit
Information involved in the incident includes names, dates of birth and medical claims information
US government services firm is latest to reveal compromise
Coveware claims small number of victims paid very high ransoms
Scores of victims hit by MOVEit campaign
David Wallace, a senior threat intelligence analyst at Sophos, took a deep dive into Clop’s background and intrusion techniques
State department wants information on Clop ransomware actors
Progress Software scrambles to release a new security update