![]() When you have hundreds or maybe even thousands of victims to choose from, you start with the juiciest ones that are most likely to pay. The group successfully breached over 104 organizations by taking advantage of a zero-day vulnerability in the widely-used managed file transfer software, GoAnywhere MFT.Īs we have pointed out before, ransomware gangs can afford to play the long game now. Contributing to Cl0p's rise to the number one spot was its extensive GoAnywhere campaign. We saw a similar scenario unfold in March which caused Cl0p to occupy the first place as most used ransomware in our Ransomware Review for that month. This was confirmed by a Cl0p representative to Bleeping Computer, who also said that the criminals started exploiting the vulnerability on May 27th, during the US Memorial Day holiday. Microsoft says that the group behind the attacks on MOVEit instances is the Lace Tempest group, which is a known ransomware operator and runs the extortion website Cl0p. All versions (e.g., 2020.x) before the five explicitly mentioned versions are affected, including older unsupported versions. ![]() NOTE: this is exploited in the wild in May and June 2023 exploitation of unpatched systems can occur via HTTP or HTTPS. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. On Friday the CVE had not been assigned yet, but now this vulnerability has now been listed as:ĬVE-2023-34362: In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. As such, it has a large userbase in healthcare, education, US federal and state government, and financial institutions. MOVEit Transfer is a widely used file transfer software which encrypts files and uses secure File Transfer Protocols to transfer data. If your organization uses MOVEit Transfer and you haven’t patched yet, it really is time to move it.Įxcuse the bad pun, but yesterday we saw the first victims of this vulnerability come forward. On Friday Jwe reported about a MOVEit Transfer vulnerability that was actively being exploited.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |