MOVEit Transfer Faces Another Critical Data-Theft Bug
Users need to patch the latest SQL injection vulnerability as soon as possible. Meanwhile, Cl0p's data extortion rampage gallops on.
SQL is the language used to query databases, making injection flaws, insecure permissions, and exposed data important security risks.
Search across headline titles and summaries.
Background for this topic.
SQL is the language commonly used to query and modify relational databases, which store structured application data such as accounts, transactions, and records. In information security, SQL matters both as a core data-access technology and through vulnerabilities in the applications, database engines, and administration interfaces that use it.
SQL injection occurs when an application combines untrusted input with SQL commands, allowing an attacker—depending on the flaw and database permissions—to read, alter, or delete data or bypass application controls. Developers should use parameterized queries or prepared statements, avoid building commands through string concatenation, and apply least-privilege database accounts. Security teams should also track database and driver vulnerabilities, restrict administrative access, protect credentials, and monitor query and authentication logs. Input validation can supplement these controls but is not a reliable substitute for separating data from executable SQL.
Users need to patch the latest SQL injection vulnerability as soon as possible. Meanwhile, Cl0p's data extortion rampage gallops on.
Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities
MOVEit Transfer, the software at the center of the recent massive spree of Clop ransomware breaches, has received an update that fixes a critical-severity SQL injection bug and two other less severe vulnerabilities. [...]