Progress Software has reported a third critical vulnerability in MOVEit Transfer within a short time. This has led to the cybergang Cl0p publishing the names of companies that have been hacked. MOVEit Transfer administrators are now on high alert, as another update of the software is necessary to close a critical security gap. In addition, Cl0p has published the names of companies where it was able to break in through previous vulnerabilities and steal data.

Update Information - Fixes

MOVEit Transfer 2023.0.3 (15.0.3), 2022.1.7 (14.1.7), 2022.0.6 (14.0.6), 2021.1.6 (13.1.6), 2021.0.8 (13.0.8), and 2020.1.10 (12.1.10) close the new critical vulnerability. Those using older versions of MOVEit Transfer must upgrade to a supported version.
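The fixed builds listed above can be turned into a quick inventory check. The following is an added example, not code from Progress or from the original article; the host names, the sample inventory and the assumption that installed versions are available as internal build strings such as "14.1.5" are constructed for illustration.

```python
import re

# Minimum fixed internal build per branch (major, minor), from the list above.
FIXED = {
    (15, 0): 3,
    (14, 1): 7,
    (14, 0): 6,
    (13, 1): 6,
    (13, 0): 8,
    (12, 1): 10,
}

def parse_version(text):
    """Parse 'major.minor.patch' (an optional 4th component is ignored)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(version):
    """Classify one installed version against the fixed builds."""
    major, minor, patch = parse_version(version)
    fixed = FIXED.get((major, minor))
    if fixed is None:
        # Branches older than the oldest listed one get no fix: upgrade needed.
        if (major, minor) < min(FIXED):
            return "unsupported"
        return "unknown"  # branch not covered by the list above
    # Compare as integers: as strings, "9" would sort after "10".
    return "patched" if patch >= fixed else "vulnerable"

def report(inventory):
    """Map each host to its triage result."""
    return {host: triage(version) for host, version in inventory.items()}

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "mft-prod-01": "15.0.3",
    "mft-prod-02": "14.1.5",
    "mft-legacy": "12.1.9",
    "mft-archive": "11.1.4",
}

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```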

MOVEit Transfer: Another update to close a critical gap

In a new security advisory, vendor Progress warns that due to another critical vulnerability in MOVEit Transfer, attackers can escalate their privileges and gain unauthorized access to the MOVEit environment. A CVE number has been requested but not yet assigned, the company said. Progress urges all customers with MOVEit Transfer to take action.

Customers must either install the available updates or take temporary countermeasures. Among these are such illustrious suggestions as “Disable all HTTP and HTTPS traffic to your MOVEit Transfer environment.” IT managers could then access it via RDP and use https://localhost/ as the address.

Cybergang Cl0p increases pressure on victim companies

The cybergang Cl0p has begun publishing the names of companies that it has hacked and stolen data from on its darknet page. This includes well-known companies such as Shell, 1st Source, and Heidelberger Druckmaschinen. However, unlike other cybergangs, Cl0p has only published the names and addresses of the companies on its darknet page. It has not provided any evidence or references to the type or scope of the data that it has stolen.

There are also indications that the cybergang has broken into US government institutions, such as the US Department of Energy and other government organizations, and copied data there. The cybergangsters write on their darknet site: “We get a lot of emails about government data. We don’t have that, we have completely deleted that information. We are only interested in business. Everything related to the government has been deleted.” However, this explains why even the US cyber security authority CISA is now warning about the critical security vulnerabilities in MOVEit Transfer.

As recently as Friday evening last week, Progress had warned of another critical vulnerability in MOVEit Transfer. It was also revealed there that the cybergang Cl0p had apparently been experimenting with the first disclosed and massively abused vulnerability since 2021. The abuse of the vulnerability has affected numerous well-known victims. These include the BBC, British Airways and, in Germany, various AOK regional associations. So far, however, the AOKs have found no evidence of an outflow of social data. Last week, it became known that the ransomware gang Cl0p had massively abused the vulnerability and blackmailed affected companies.
