MOVEit - secure data transfers with 0-day

[madires]

The 0-day:
   Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft (https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft)

The victims:
  MOVEit hack: BBC, BA and Boots among cyber attack victims (https://www.bbc.com/news/technology-65814104)

The bad guys:
 Microsoft Links MOVEit Attack to Cl0p as British Airways, BBC Fall (https://www.darkreading.com/application-security/microsoft-links-moveit-attack-cl0p-british-airways-fall)

[madires]

Used since 2021:
  Clop Ransomware Likely Sitting on MOVEit Transfer Vulnerability (CVE-2023-34362) Since 2021 (https://www.kroll.com/en/insights/publications/cyber/clop-ransomware-moveit-transfer-vulnerability-cve-2023-34362)

And there's a second vulnerability:
  MOVEit Transfer Critical Vulnerability – CVE Pending (June 15, 2023) (https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023)

More victims:
  State governments among victims of MoveIT Transfer breach (https://www.techtarget.com/searchsecurity/news/366541896/State-governments-among-victims-of-MoveIT-Transfer-breach)
  US gov agencies slammed by MOVEit hack (https://cybernews.com/security/us-gov-agencies-hit-moveit-attack-clop/)
  Russian cybercrime gang hacks federal agencies (https://www.politico.com/news/2023/06/15/multiple-federal-agencies-hit-by-hack-00102229)

[madires]

Another victim: NortonLifeLock
  NortonLifeLock Hacked, Cl0p Ransomware Gang Takes Responsibility (https://thecyberexpress.com/nortonlifelock-hacked-cl0p-ransomware-moveit/)

And there's already a database of victims:
   MOVEit victim list (https://konbriefing.com/en-topics/cyber-attacks-moveit-victim-list.html)

[SiliconWizard]

Well, the name is well choosen, data is being moved all over the place indeed.

Nice web site: https://www.progress.com/moveit