HomeTechnologyHackers Are Targeting New Security Flaw Found in MOVEit Transfer Tool -...

Hackers Are Targeting New Security Flaw Found in MOVEit Transfer Tool – UnlistedNews

Hackers stole data from the systems of several users of the popular file transfer tool MOVEit Transfer, US security researchers said Thursday, a day after the software maker revealed a flaw had been discovered. of security.

Software maker Progress Software Corp, after disclosing the vulnerability on Wednesday, said it could lead to possible unauthorized access to users’ systems.

Managed file transfer software created by the Burlington, Massachusetts-based company enables organizations to transfer files and data between business partners and customers.

It was not immediately clear which or how many organizations use the software or were affected by possible breaches. Chief Information Officer Ian Pitt declined to share those details, but said Progress Software had made fixes available since discovering the vulnerability late on May 28.

The software’s namesake cloud-based service was also affected by this, he told Reuters.

“As of now we don’t see any exploits of the cloud platform,” he said.

Cybersecurity firm Rapid7 and Mandiant Consulting, owned by Alphabet’s Google, said they had found a number of cases where the flaw had been exploited to steal data.

“Massive exploitation and extensive data theft has occurred in recent days,” Charles Carmakal, Mandiant Consulting’s chief technology officer, said in a statement.

Such “zero-day” or previously unknown vulnerabilities in managed file transfer solutions have led to data theft, leaks, extortion and victim-shaming in the past, Mandiant said.

“Although Mandiant does not yet know the motivation of the threat actor, organizations should prepare for possible extortion and publication of the stolen data,” Carmakal said.

Rapid7 said it had noticed an increase in compromise cases related to the flaw since it was disclosed.

Progress Software has outlined steps that at-risk users can take to mitigate the impact of the security vulnerability.

Pitt did not comment on who might have been trying to steal data by exploiting the flaw.

“We have no evidence that it is used to spread malware,” he said.

MOVEit Transfer was used by a relatively “small” number of customers compared to the company’s other software products that number more than 20, he said.

“We have forensic partners on board and we’re working with them to make sure we have an ever-evolving understanding of the situation.”

© Thomson Reuters 2023


Apple’s annual developer conference is just around the corner. From the company’s first mixed reality headset to new software updates, we take a look at everything we expect to see at WWDC 2023 on Orbital, the Gadgets 360 podcast. Orbital is available at Spotify, gana, jiosaavn, Google Podcasts, Apple Podcasts, amazon music and wherever you get your podcasts.
Affiliate links can be generated automatically; see our ethics statement for more details.

Source

Sara Marcus
Sara Marcushttps://unlistednews.com
Meet Sara Marcus, our newest addition to the Unlisted News team! Sara is a talented author and cultural critic, whose work has appeared in a variety of publications. Sara's writing style is characterized by its incisiveness and thought-provoking nature, and her insightful commentary on music, politics, and social justice is sure to captivate our readers. We are thrilled to have her join our team and look forward to sharing her work with our readers.
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments