The embarrassment of the MOVEit Transfer critical vulnerabilities won't stop
Take action: If anyone is *still* using the Progress Software MOVEit Managed Transfer tool, make sure to patch it. Or just delete it and switch to GPG-encrypted files on SFTP. Seems worth the effort.
Progress Software has released yet another set of patches for three additional vulnerabilities in its MOVEit Transfer file transfer tool.
The latest patches address a new critical-severity vulnerability, CVE-2023-36934, that could potentially allow unauthorized access to the MOVEit Transfer database. It's an SQL injection vulnerability that can be exploited even if an attacker doesn't have credentials on the server.
The other two vulnerabilities (CVE-2023-36932 and CVE-2023-36933) have a high severity rating and were discovered through the HackerOne platform.
While there is no mention of exploitation of the latest vulnerabilities, the original critical vulnerability has led to widespread cyberattacks, with over 220 known victims and more than 17.5 million individuals impacted.
Managed file transfer tools like MOVEit Transfer are attractive targets for data thieves due to their ability to handle large volumes of data.