Hackers are actively exploiting a zero-day vulnerability in the MOVEit Transfer file transfer software, tracked as CVE-2023-34362, to steal data from organizations.
MOVEit Transfer is a managed file transfer (MFT) solution developed by Ipswitch, a subsidiary of US-based Progress Software Corporation, that allows the enterprise to securely transfer files between business partners and customers using SFTP, SCP, and HTTP-based uploads…
Yesterday, Progress released a security advisory warning customers of a “Critical” vulnerability in MOVEit MFT, offering mitigations until patches are installed.
“Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment,” reads a security advisory from Progress.
“If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment, while our team produces a patch.”
To prevent exploitation, the developers warn admins to block external traffic to ports 80 and 443 on the MOVEit Transfer server…
|
There are isolated problems with current patches, but they are well-known and documented on this site. |
-
New MOVEit Transfer zero-day mass-exploited in data theft attacks
- This topic has 0 replies, 1 voice, and was last updated 4 months ago.
Author
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
A.I. and AskWoody
by 4 minutes ago
-
Where is Windows Update?
by 1 hour, 59 minutes ago
-
mailwasher
by 2 hours, 27 minutes ago
-
Windows Photos
by 3 hours, 16 minutes ago
-
OT QuickBooks payroll module not letting you efile 941
by 4 hours, 15 minutes ago
-
MSA logins have been retired from DPC May 1st
by 4 hours, 13 minutes ago
-
Administrator Lock
by 8 hours, 13 minutes ago
-
Skype cancels loopback audio
by 12 hours, 5 minutes ago
-
Python re-installation
by 10 hours, 29 minutes ago
-
Finally updated to Thunderbird 115
by 2 hours, 58 minutes ago
-
Hard drive boot up problem in Windows AND Linux
by 20 hours, 4 minutes ago
-
WSUS fails to download monthly Cumulative Update for Windows 11 Version 22H2
by 3 hours, 28 minutes ago
-
Excel tone
by 8 hours, 10 minutes ago
-
Wait for the bugs to be worked out
by 14 hours, 37 minutes ago
-
What Windows Really Needs [Pure OPINION]
by 6 hours, 52 minutes ago
-
“Winmail.dat” attachments when email is sent from Outlook to Thunderbird
by 23 hours, 1 minute ago
-
win 11 22H2 Memory itegrity error
by 1 day, 6 hours ago
-
McLaren Health Care 6TB data breach
by 20 hours, 17 minutes ago
-
Long Live the Red Envelope Era | Farewell to DVDs | Netflix
by 1 day, 9 hours ago
-
Faststone Image Viewer updates
by 2 days, 11 hours ago
-
Malicious ad served inside Bing’s AI chatbot
by 2 days, 11 hours ago
-
win10 pro 22H2 current minus 1 mo,to, win11. suggestions…
by 2 days ago
-
Microsoft entered negotiations to sell Bing to Apple in 2020
by 2 days, 20 hours ago
-
X CEO shows her iPhone’s Home Screen – and X isn’t there
by 2 days, 22 hours ago
-
Keeping an older Mac secure
by 2 days, 22 hours ago
-
Thunderbird – problem ”setting up existing email address”
by 13 hours, 47 minutes ago
-
Windows 11 Insider Preview build 23555 released to DEV
by 3 days, 9 hours ago
-
Something didn’t go as planned KB5030310, KB 5030219
by 1 day, 22 hours ago
-
“Enhanced” search box
by 3 days, 10 hours ago
-
Windows Ends Installation Path for Free Windows 7/8 Upgrade
by 3 days, 10 hours ago
