The United States warns of a vulnerability in MOVEit software

The US Cybersecurity and Infrastructure Security Agency has disclosed a vulnerability in Progress Software Corp’s MOVEit software. identified. Added to the Catalog of Known Exploited Vulnerabilities. A catalog you don’t want to shop in.

According to CISA, Progress Software Corp.’s MOVEit file transfer software a critical vulnerability and urges all US federal agencies to patch their systems by June 23rd.

May MOVEit

Basically, with MOVEit, companies can securely transfer files containing sensitive data internally or between different organizations. The software automates complex workflows and users can manage and view transfers in real time. MOVEit supports security protocols like FTPS, HTTPS and SFTP and encrypts data both at rest and in motion.

details

The current vulnerability has the code CVE-2023-34362 and is currently being actively exploited for data theft. This can be achieved by injecting custom SQL injection into a vulnerable transfer from MOVEit.

If successful, an attacker gains access to the transmission in question. Depending on how the database is controlled, the hacker can then extract information from the structure or content of the database.

The vulnerability affects both local and cloud-based MOVEit versions.

Solution

Progress Software has now released advice on how to deal with it, including details on how to mitigate the vulnerability’s impact.

According to Mike Parkin, a cybersecurity specialist, this could be a serious issue and he urges users to follow Progress’s advice as soon as possible.

Cybersecurity expert Craig Jones sees this new vulnerability as a warning that dangers lurk in the digital universe. Recent hacks at Russian cybersecurity firms Kaspersky and American Barracuda Networks support this statement.