Security news aggregator

Latest coverage for MOVEit

MOVEit is a managed file-transfer platform whose vulnerabilities can expose sensitive data and enable unauthorized access to connected systems.

16 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

MOVEit is Progress’s managed file-transfer platform for exchanging and automating transfers of files between organizations, users, applications, and business partners. Deployments may include the web-based MOVEit Transfer server, APIs, and cloud services, often handling payroll, health, financial, or other sensitive records.

Its security significance centers on internet-facing transfer interfaces and the concentration of valuable data in the platform. SQL-injection flaws in MOVEit Transfer, including CVE-2023-34362, were exploited to access systems and steal files, making prompt application of vendor security updates and careful asset inventory essential. Practitioners should restrict administrative access, review exposed services and API permissions, monitor for unusual authentication or download activity, and preserve relevant server and web logs. After a suspected compromise, organizations need to determine which files and accounts were accessed, because the platform’s contents may trigger privacy, contractual, or regulatory reporting obligations.

Showing 16 most recent headlines Filtered view

As another CVE is assigned Two more organizations hit in the mass exploitation of the MOVEit file-transfer tool have been named – the Minnesota Department of Education in the US, and the UK's telco regulator Ofcom – just days after security researchers discovered additional flaws in Progress Software's buggy suite.…

Also, the FBI's $180k investment in AN0M keeps paying off, and this week's critical vulnerabilities Infosec in brief Security firms helping Progress Software dissect the fallout from a ransomware attack against its MOVEit file transfer suite have discovered more issues that the company said could be used to stage additional exploits.…