
MOVEit Discloses More Vulnerabilities, Issues Patch

Progress Software Says New Vulnerabilities Are Unrelated to Zero-Day Used by Clop

The company behind the MOVEit managed file transfer application is urging customers into a new round of emergency patching after identifying additional vulnerabilities.


Progress Software said in a Friday update that it had identified additional SQL injection vulnerabilities that allow attackers access to the MOVEit Transfer database. "These newly discovered vulnerabilities are distinct from the previously reported vulnerability," it wrote.

Likely hundreds of customers have already been affected by an SQL injection zero-day the company patched on May 31, tracked as CVE-2023-34362.

The Clop ransomware-as-a-service group said it orchestrated the attacks. The Russian-speaking gang has threatened to begin naming victims starting Wednesday (see: Clop Ransomware Gang Asserts It Hacked MOVEit Instances).

The Massachusetts company, whose products are popular with the government, health and education sectors, said the newly identified vulnerability doesn't yet have a CVE assigned to it. It allows an attacker to "submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content."

Cyber risk company Kroll said Clop may have started experimenting with how to exploit CVE-2023-34362 as early as 2021.

The assertion comes from logs showing automated scanning of MOVEit instances, including some emanating from IP addresses with the same network ID as known Clop addresses or an address previously attributed to Clop. The scans, said Kroll, scraped the unique identifier associated with each file transfer software customer. Log analysis found an instance of the scans occurring in July 2021.

"These findings highlight the significant planning and preparation that likely precede mass exploitation events," Kroll said.

Clop is behind other high-profile attacks on file transfer applications, including Accellion's File Transfer Appliance and GoAnywhere Managed File Transfer, made by Fortra (see: Fortra Hacker Installed Tools on Victim Machines).

About the Author

David Perera


Editorial Director, News, ISMG

Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.
