Date: 2023-06-12

The United States Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in Progress Software Corp’s MOVEit software to its catalog of known exploited vulnerabilities. A catalog you don’t want to buy from.

MOVEit file transfer software from Progress Software Corp. contains a critical vulnerability, according to CISA, which urges all US federal agencies to patch their systems by June 23.

Love MOVEit

With MOVEit, companies can in principle transfer files containing sensitive data securely, internally or between different organizations. The software automates complex workflows and users can manage and view transfers in real time. MOVEit supports security protocols such as FTPS, HTTPS, and SFTP and encrypts data at rest and in motion.

Details

The vulnerability is tracked as CVE-2023-34362 and is being actively exploited for data theft. Exploitation works by sending a crafted SQL injection to a vulnerable MOVEit Transfer instance.

If successful, the attacker gains access to the MOVEit Transfer instance in question. Depending on the database engine in use, the attacker can then extract information about the structure or content of the database.

The vulnerability affects both on-premises and cloud-based MOVEit versions.

Solution

Progress Software has since released an advisory on the issue, including details on how to mitigate the impact of the vulnerability.

According to cybersecurity expert Mike Parkin, this is potentially a serious problem and he urges users to follow Progress’ advice as soon as possible.

Cybersecurity expert Craig Jones sees this new vulnerability as a warning that danger lurks in the digital world. Recent hacks of Russian cybersecurity firm Kaspersky and US-based Barracuda Networks prove this claim.