Get in Touch
Indiscriminate, opportunistic targeting.
Additional SQL injection vulnerabilities have been discovered within the MOVEit Transfer managed file transfer (MFT) solution. The CVE details are yet to be released. However, it should be noted that at the time of writing, no evidence exists to indicate that the vulnerabilities have been actively exploited in the wild.
Successful exploitation of these vulnerabilities allows threat actors to steal and modify client data from affected databases.
Progress Software has released a security patch pertaining to the vulnerability for the respective product versions. As such, previous versions are vulnerable to the potential exploitation.
All MOVEit Transfer versions
Containment, Mitigations & Remediations
It is strongly recommended that users apply the most recent security update as a matter of urgency. Details on how to apply the update can be found within the Progress Security advisory.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
The latest security update released by Progress Software has arrived just days following Clop ransomware operators claiming responsibility for exploiting a MOVEit zero-day vulnerability, tracked as CVE-2023-34362. The group has leveraged similar vulnerabilities in the past to achieve the objectives of data exfiltration and victim extortion. Clop ransomware operations have also been attributed to previous file transfer platform vulnerabilities such as the GoAnywhere MFT zero-day (CVE-2023-0669) in January 2023.
Although attribution to specific threat actors or groups is yet to be made regarding the most recent set of disclosed vulnerabilities, it is highly likely that Clop ransomware operators will leverage the flaws to further propagate their current attack campaign.
Common Attack Pattern Enumeration and Classification (CAPEC):
CAPEC-66 – SQL Injection