In a recent turn of events, Progress Software, a global technology firm, has identified a third security vulnerability within its MOVEit Transfer application. This application is typically used for secure data transfer among businesses, and this flaw has been exploited in a wave of cyber attacks by the Cl0p group, notorious for their ransomware attacks.
The vulnerability is a type of bug known as an SQL injection, which could allow unauthorized individuals to gain undue access and privileges. As an immediate response, Progress Software is urging its users to halt specific internet traffic to the MOVEit Transfer until a fix is developed and released.
Interestingly, this is not a one-off incident. A week prior, Progress Software brought to light a similar SQL injection bug. In addition, another vulnerability (CVE-2023-34362) has been identified and was exploited by Cl0p as early as July 2021.
Cl0p has taken responsibility for breaching the security of 27 companies, including multiple U.S. federal agencies, through this vulnerability. The actual number of affected organizations may be much larger than the figures from Cl0p’s previous campaign.
A study by Censys, an internet device search platform, reveals that a significant percentage of the exposed systems (around 31%) belong to the financial services industry, followed by healthcare, IT, and government/military sectors. Furthermore, approximately 80% of these vulnerable servers are based in the U.S. This issue underscores the need for heightened security measures across these sectors as Progress Software diligently works towards a resolution.
