Author Topic: MOVEit - secure data transfers with 0-day  (Read 761 times)

0 Members and 1 Guest are viewing this topic.

Offline madiresTopic starter

  • Super Contributor
  • ***
  • Posts: 7938
  • Country: de
  • A qualified hobbyist ;)
MOVEit - secure data transfers with 0-day
« on: June 06, 2023, 01:00:37 pm »
The 0-day:
   Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft (https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft)

The victims:
  MOVEit hack: BBC, BA and Boots among cyber attack victims (https://www.bbc.com/news/technology-65814104)

The bad guys:
 Microsoft Links MOVEit Attack to Cl0p as British Airways, BBC Fall (https://www.darkreading.com/application-security/microsoft-links-moveit-attack-cl0p-british-airways-fall)
 

Offline madiresTopic starter

  • Super Contributor
  • ***
  • Posts: 7938
  • Country: de
  • A qualified hobbyist ;)
Re: MOVEit - secure data transfers with 0-day
« Reply #1 on: June 16, 2023, 08:38:06 am »
Used since 2021:
  Clop Ransomware Likely Sitting on MOVEit Transfer Vulnerability (CVE-2023-34362) Since 2021 (https://www.kroll.com/en/insights/publications/cyber/clop-ransomware-moveit-transfer-vulnerability-cve-2023-34362)

And there's a second vulnerability:
  MOVEit Transfer Critical Vulnerability – CVE Pending (June 15, 2023) (https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023)

More victims:
  State governments among victims of MoveIT Transfer breach (https://www.techtarget.com/searchsecurity/news/366541896/State-governments-among-victims-of-MoveIT-Transfer-breach)
  US gov agencies slammed by MOVEit hack (https://cybernews.com/security/us-gov-agencies-hit-moveit-attack-clop/)
  Russian cybercrime gang hacks federal agencies (https://www.politico.com/news/2023/06/15/multiple-federal-agencies-hit-by-hack-00102229)
« Last Edit: June 16, 2023, 08:41:15 am by madires »
 

Offline madiresTopic starter

  • Super Contributor
  • ***
  • Posts: 7938
  • Country: de
  • A qualified hobbyist ;)
Re: MOVEit - secure data transfers with 0-day
« Reply #2 on: June 21, 2023, 02:33:13 pm »
Another victim: NortonLifeLock >:D
  NortonLifeLock Hacked, Cl0p Ransomware Gang Takes Responsibility (https://thecyberexpress.com/nortonlifelock-hacked-cl0p-ransomware-moveit/)

And there's already a database of victims:
   MOVEit victim list (https://konbriefing.com/en-topics/cyber-attacks-moveit-victim-list.html)
 

Online SiliconWizard

  • Super Contributor
  • ***
  • Posts: 14885
  • Country: fr
Re: MOVEit - secure data transfers with 0-day
« Reply #3 on: June 21, 2023, 09:50:47 pm »
Well, the name is well choosen, data is being moved all over the place indeed. :-DD

Nice web site: https://www.progress.com/moveit
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf