Is MoveIT a big thing to worry about?

Topic

New Reply

If you’ve seen the news you may have heard about the MoveIT vulnerability. It’s a piece of software that many BIG businesses and goverments used to tr
[See the full post at: Is MoveIT a big thing to worry about?]

Susan Bradley Patch Lady/Prudent patcher

4 users thanked author for this post.

TechTango, lmacri, Lars220, oldfry

Reply | Quote

Replies

Does anyone else find it odd that a site with a security article won’t let your browser even see anything on the page unless you enable scripts to run?  :-O That’s what I see at this link: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023

I use NoScript to make sure that malicious scripts can’t run when I visit an unknown site.  I’m starting to see more mainstream sites that are just  a blank page if their scripts can’t run.  It seems that webmasters don’t have much security training these days.  Sure, scripts can make your pages look all fancy, but they’re also an easy way for miscreants to send out nasty stuff to every system that visits.  🙁

 

Reply | Quote

If the government is hacked, we are in trouble.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

An XKCD grapic that might describe this situation.

https://imgs.xkcd.com/comics/dependency.png

5 users thanked author for this post.

GeeBeeDee, oldfry, Lars220, SueW, Sky

Reply | Quote

The Office of Motor Vehicles got hit in Louisiana and they got everyone in the state’s info:

https://www.expresslane.org/alerts/

2 users thanked author for this post.

TechTango, oldfry

Reply | Quote

geekdom wrote:

If the government is hacked, we are in trouble.

Government has been hacked.

Millions of Americans’ personal data exposed in global hack

Millions of people in Louisiana and Oregon have had their data compromised in the sprawling cyberattack that has also hit the US federal government, state agencies said late Thursday…

U.S. Energy Dept gets two ransom notices as MOVEit hack claims more victims

MOVEit Transfer and MOVEit Cloud Vulnerability

Status: PATCHED Last Update: June 18, 2023

..June 18, 2023, We have not seen any evidence that the vulnerability reported on June 15 has been exploited. Taking MOVEit Cloud offline for maintenance was a defensive measure to protect our customers and not done in response to any malicious activity. Because the new vulnerability we reported on June 15 had been publicly posted online, it was important that we take immediate action out of an abundance of caution to quickly patch the vulnerability and disable MOVEit Cloud…

Reply | Quote

I froze my credit on the big three credit bureaus, Experian, Equifax, and TransUnion in 2017 after the Equifax data breach.

https://en.wikipedia.org/wiki/2017_Equifax_data_breach

I check my credit rating every month. If it starts to decline, there could be an I.D. theft problem. Every year the I check big three credit bureaus to make my credit reports are still frozen.

Two years after the Equifax data breach, I got a CP01E notice from the IRS that someone had used my social security number to get a job i.e. Identity Theft. The IRS flagged my social # to prevent an impact on my taxes. It was likely a migrant worker that used my SS number to get a job.

https://www.irs.gov/individuals/understanding-your-cp01e-notice

I’ve had no issues since the 2017 Equifax breach.

Susan is right in saying, “be ready to put a freeze on your credit and log into your bank accounts to review activity.” It’s easy to do and provides some peace of mind.

Reply | Quote

What does ‘freeze on your credit’ mean ?

Reply | Quote

https://en.wikipedia.org/wiki/Credit_freeze

Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

1 user thanked author for this post.

Alex5723

Reply | Quote

Just FYI…

One very important thing a lot of people overlook when initiating a credit freeze:

It prevents anyone but you from viewing your credit record… which includes potential “lenders” who’d need to verify your credit history if you trying to get a credit card, buy a car/house, rent something, etc., etc.

In those cases, you’ll need to “temporarily” lift the freeze beforehand so they can access your record or you won’t get approved!

Reply | Quote

But that includes anyone NOT you trying to do the same thing!

Reply | Quote

US govt offers $10 million bounty for info on Clop ransomware

The U.S. State Department’s Rewards for Justice program announced up to a $10 million bounty yesterday for information linking the Clop ransomware attacks to a foreign government.

“Do you have info linking CL0P Ransomware Gang or any other malicious cyber actors targeting U.S. critical infrastructure to a foreign government? Send us a tip. You could be eligible for a reward,” tweeted the Rewards for Justice Twitter account…

This new RFJ bounty comes after the Clop ransomware conducted data-theft attacks on companies worldwide using a zero-day vulnerability in the MOVEit Transfer security file transfer platform.

The attacks started on May 27th, over the long U.S. Memorial Day holiday, with the Clop ransomware gang claiming to have stolen data from hundreds of companies.

This week, Clop began extorting companies by listing their names on a data leak site, promising to start leaking data if a ransom was not paid…

Reply | Quote

Just fyi – Office of Motor Vehicles in Louisiana recommends freezing credit in item #1. In item #4.  to consider registering for a ssa.gov account. Keep in mind if your credit is frozen you will be unable to register for the ssa.gov account. Must thaw your credit to be able to set up the account.

1 user thanked author for this post.

oldfry

Reply | Quote

But that includes anyone NOT you trying to do the same thing!

I’m not totally clear on what you mean by this, but I’ll give it try.

When your freeze your credit, you are given a unique Freeze PIN number.  Only you have it.  To unfreeze, the PIN must be entered.

So even if someone has your SS number, they cannot sign-in to an individual credit bureau to unfreeze it.  A SS is not part the sign-in process.

 

Reply | Quote

It keeps other people from setting up new accounts or borrowing money using your credit rating, ie, contacting the Credit Bureaus to see if you are worthy, how much you make, how often you haven’t paid your bills, etc. The accounts can be set up with password, 2FA, notifications, PIN like any other business.

You can still use your credit cards. For you, it’s business as usual. But you have to unfreeze if you want to create a new account or make a loan, for as long as it takes you set it up. Then refreeze.

Reply | Quote

Totally correct.

Reply | Quote