
Progress Software Discloses Another MOVEit Cybersecurity Vulnerability

The newly discovered cybersecurity vulnerability could lead to escalated privileges and potential unauthorized access if exploited.

Progress Software has disclosed another critical cybersecurity vulnerability in its MOVEit Transfer software. The previously reported vulnerability (CVE-2023-34362) is a SQL injection flaw, and the latest vulnerability (CVE-2023-35708) is also a SQL injection flaw, one that could allow an attacker to escalate privileges and gain unauthorized access to the MOVEit Transfer environment.

As previously reported, MOVEit Transfer is a widely deployed secure managed file transfer application used by the healthcare sector and many other industries. The Clop ransomware group began successfully exploiting CVE-2023-34362 in late May.

Progress Software encouraged impacted organizations to follow its remediation steps and patch as updates become available.

“We took HTTPS traffic down for MOVEit Cloud in light of the newly published vulnerability and asked all MOVEit Transfer customers to take down their HTTP and HTTPS traffic to safeguard their environments while a patch was created and tested,” Progress stated.

Unfortunately, the MOVEit vulnerabilities have already had a widespread impact on organizations across the world. CNN reported a series of attacks on United States federal government agencies in which threat actors leveraged the MOVEit vulnerabilities. Among the impacted federal agencies was the Department of Energy, where two of the department’s affiliated entities were attacked.

In addition, Johns Hopkins University and Johns Hopkins Health System recently disclosed that they were investigating a breach stemming from a cyberattack on their systems involving a “widely used software tool.”

Johns Hopkins did not explicitly mention MOVEit in its notice, but the timeline of the incident lines up with the day that Clop began launching its attacks.

“Our initial investigation suggests that the data breach may have impacted sensitive personal and financial information (including names, contact information, and health billing records). We are working now to assess the full scope of the incident and will be reaching out to all impacted individuals in the coming weeks,” Johns Hopkins stated.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint cybersecurity advisory (CSA) regarding Clop ransomware in early June, warning critical infrastructure entities to validate their security programs against the tactics, techniques, and procedures attributed to Clop threat actors.
