Amazon Employee Data Compromised in MOVEit Breach
The data leak stemmed not from a breach of Amazon’s own systems but from one at a third-party vendor; the supply chain incident affected several other clients as well.
Amazon has confirmed that its employees’ data was exposed on a cybercrime forum due to the now-infamous MOVEit vulnerability.
The vulnerability, tracked as CVE-2023-34362, was discovered last year in the MOVEit file transfer software. The flaw allows hackers to bypass authentication on unpatched systems in order to access files, and it has affected thousands of organizations to date.
An Amazon spokesperson said that Amazon and AWS systems are secure and that its systems have not experienced a security breach. The “security event” actually occurred at a third-party property-management vendor, and several other customers it worked with in addition to Amazon were also affected, the person said. The type of compromised information includes work email addresses, desk phone numbers, and building locations.
“Amazon’s recent data breach, traced back to a third-party vendor’s use of the MOVEit tool, is another wake-up call for the supply chain’s hidden vulnerabilities,” Ferhat Dikbiyik, chief research and intelligence officer at Black Kite, wrote in an emailed statement to Dark Reading. “The MOVEit flaw initially hit hundreds, but the shockwave extended across 2,700+ organizations as the ripple effects reached third- and even fourth-party vendors. We’ve identified over 600 MOVEit servers that were likely caught in this ‘spray’ attack — leaving a vast field of potential targets.”
Cybercrime intelligence company Hudson Rock referred to the fallout of the bug as one of the most substantial leaks of corporate information last year, and the authors of the "Verizon Data Breach Investigation Report (DBIR)" noted in February that breaches attributable to MOVEit were so numerous that they skewed the report's statistics for the year.