Headline
MOVEit Transfer Faces Another Critical Data-Theft Bug
Users need to patch the latest SQL injection vulnerability as soon as possible. Meanwhile, Cl0p’s data extortion rampage gallops on.
Yet another critical SQL injection vulnerability has been disclosed and patched in Progress Software’s MOVEit Transfer software — the fourth such flaw revealed in the space of a month.
The security bug (CVE-2023-36934) is distinct from the former zero-day flaw that’s being exploited with resounding success by the Cl0p ransomware gang. But like that bug, it could allow unauthenticated cyberattackers to access MOVEit Transfer databases, and from there execute malware, manipulate files, or exfiltrate information.
“An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content,” according to the Progress advisory on the bug.
The flaw hasn’t been exploited in the wild so far, according to the advisory — but given its severity, users are urged to patch it as soon as possible, along with two high-severity vulnerabilities (CVE-2023-36932 and CVE-2023-36933) disclosed at the same time.
The bugs affect MOVEit Transfer versions 12.1.10 and earlier, 13.0.8 and earlier, 13.1.6 and earlier, 14.0.6 and earlier, 14.1.7 and earlier, and 15.0.3 and earlier.
The other SQL vulnerabilities revealed since early June are CVE-2023-35708 and CVE-2023-35036, as well as CVE-2023-34362, which is Cl0p’s target and was discovered Memorial Day weekend.
Speaking of the Cl0p campaign, the extortion gang is galloping on, claiming 200+ victims so far, including government agencies. The blast radius of the campaign has been widened by compromised third-party vendors exposing their downstream customers.
Progress said this week that it plans to release MOVEit product updates every two months from now on.
Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe
Related news
While Progress has released patches for the vulnerabilities, attackers are trying to exploit them before organizations have a chance to remediate.
Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.
In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction.
The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack (XXE).
Ransomware was the second most-observed threat this quarter, accounting for 17 percent of engagements, a slight increase from last quarter’s 10 percent.
A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
Categories: Exploits and vulnerabilities Categories: News Categories: Ransomware Tags: Progress Tags: MOVEit Tags: vulnerabilities Tags: CVE-2023-36934 Tags: CVE-2023-36932 Tags: CVE-2023-36933 CISA has warned users about three new vulnerabilities in Progress Software's MOVEit Transfer software. (Read more...) The post MOVEit Transfer fixes three new vulnerabilities appeared first on Malwarebytes Labs.
Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities. The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized
Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities. The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized
Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities. The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
This Metasploit module exploits an SQL injection vulnerability in the MOVEit Transfer web application that allows an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker can leverage an information leak be able to upload a .NET deserialization payload.
These clinics offers pro-bono cybersecurity services — like incident response, general advice and ransomware defense — to community organizations, non-profits and small businesses that normally couldn’t afford to pay a private company for these same services.
The announcement was posted on Twitter via the Rewards for Justice Twitter account, alongside encrypted messaging system options for anyone to get into contact should they have viable information.
The announcement was posted on Twitter via the Rewards for Justice Twitter account, alongside encrypted messaging system options for anyone to get into contact should they have viable information.
The announcement was posted on Twitter via the Rewards for Justice Twitter account, alongside encrypted messaging system options for anyone to get into contact should they have viable information.
Gen Digital, the parent company of the security companies, is the latest victim in a rash of Cl0p attacks on the bug in the MOVEit transfer software, leading to employee data being revealed.
The Clop ransomware group has claimed responsibility for exploiting the vulnerability to deploy a previously unseen web shell, LemurLoot.
The Clop ransomware group has claimed responsibility for exploiting the vulnerability to deploy a previously unseen web shell, LemurLoot.
MOVEit has created a patch to fix the issue and urges customers to take action to protect their environments, as Cl0p attacks continue to mount, including on government targets.
MOVEit has created a patch to fix the issue and urges customers to take action to protect their environments, as Cl0p attacks continue to mount, including on government targets.
Categories: Exploits and vulnerabilities Categories: News Categories: Ransomware Tags: Progress Tags: Moveit Tags: CVE-2023-34362 Tags: CVE-2023-35036 Tags: Cl0p Progress has released an advisory about yet another MOVEit Transfer vulnerability while new victims of the first one keep emerging. (Read more...) The post MOVEit discloses THIRD critical vulnerability appeared first on Malwarebytes Labs.
Categories: Exploits and vulnerabilities Categories: News Categories: Ransomware Tags: Progress Tags: Moveit Tags: CVE-2023-34362 Tags: CVE-2023-35036 Tags: Cl0p Progress has released an advisory about yet another MOVEit Transfer vulnerability while new victims of the first one keep emerging. (Read more...) The post MOVEit discloses THIRD critical vulnerability appeared first on Malwarebytes Labs.
Progress MOVEit Transfer has a privilege escalation vulnerability that can be addressed with DLL drop-in version 2023.0.3 (15.0.3) and other specific fixed versions (stated below). The availability date of fixed versions of the DLL drop-in is earlier than the availability date of fixed versions of the full installer. The specific weakness and impact details will be mentioned in a later update to this CVE Record. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3).
Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies. The new flaw, which is yet to be assigned a CVE identifier, also concerns an SQL injection vulnerability that "could lead to escalated privileges and potential unauthorized access to the environment." The
By Waqas Ofcom, the UK communications regulator, is the latest victim of the infamous Cl0p extortion gang, who have been exploiting MOVEit vulnerabilities to target high-profile firms. This is a post from HackRead.com Read the original post: UK’s Ofcom confirms cyber attack as PoC exploit for MOVEit is released
In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
Categories: Exploits and vulnerabilities Categories: News Categories: Ransomware Tags: MOVEit Tags: Progress Tags: Cl0p Tags: ransomware Tags: CVE-2023-34362 A security audit of the MOVEit code has revealed more SQL injection vulnerabilities, while victims of the first vulnerability are coming to the surface. (Read more...) The post More MOVEit vulnerabilities found while the first one still resonates appeared first on Malwarebytes Labs.
Progress Software, the company behind the MOVEit Transfer application, has released patches to address brand new SQL injection vulnerabilities affecting the file transfer solution that could enable the theft of sensitive information. "Multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain
Categories: Exploits and vulnerabilities Categories: News Categories: Ransomware Tags: Progress Tags: MOVEit Tags: Transfer Tags: CVE-2023-34362 Tags: BBC Tags: Zellis Tags: BA The first victims of the ongoing attacks on vulnerable MOVEit Transfer instances are coming forward. The Cl0p ransomware gang claims it is behind the attacks. (Read more...) The post Cl0p ransomware gang claims first victims of the MOVEit vulnerability appeared first on Malwarebytes Labs.
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS.