Another SQL vulnerability was discovered in MOVEit Transfer by Progress Software.
Progress Software is warning MOVEit Transfer users of a new SQL vulnerability. The software company recommends that users disable all HTTP and HTTPS traffic to their environment.
Status
The new vulnerability could lead to unauthorized access to privileged environments. Progress hasn’t released a patch yet, but is testing one that the company says will be released soon.
Progress itself has disabled HTTP traffic for MOVEit Cloud. The company recommends that users adjust their firewall rules to block HTTP and HTTPS traffic to MOVEit Transfer on ports 80 and 443 until the patch is released.
It is still possible to transfer files using the SFTP and FTP/S protocols.
Not for the first time
It is not known where this new vulnerability was propagated, but a Twitter account already appeared to contain references to this zero-day.
This new threat comes days after MOVEit warned the Cybersecurity and Infrastructure Security Agency in the United States. In addition, there have been fears of data theft and extortion following hacks that exploited MOVEit vulnerabilities.
The victims
Meanwhile, Clop, the hacking group and the leak website of the same name, has started leaking data. The organization has already claimed responsibility for previous hacks via MOVEit and, given the data already shared, is likely behind more recent attacks via the software.
Big names that have certainly fallen victim are energy company Shell, Landal GreenParks and the University of Georgia. The US states of Missouri and Illinois and two entities of the US Department of Energy (DOE) were also confirmed.
Clop’s recent leaks are evidence rather than threats, but it’s widely believed that multiple blackmail attempts are imminent.