Radware recently warned about newly discovered serious SQL injection vulnerabilities in the file transfer solution MOVEit Transfer - a data sharing solution that is considered safe and widely used in the world today. produced by Progress Software.

The vulnerabilities  (also known as CVE-2023-35036) were discovered with the support of cybersecurity company Huntress after a detailed source code review initiated by Progress at the end of May when fixing the vulnerability. The zero-day vulnerability is being exploited by the Ransomware Clop gang to encrypt data for ransom.

 

 

Warning of critical vulnerability in MOVEit Transfer

 

These security vulnerabilities affect all versions of MOVEit Transfer, allowing attackers to break into information systems to steal customer database information, causing serious damage.

 

In a warning, Progress said: "An attacker can send a self-generated payload to the endpoint of the MOVEit Transfer application, thereby allowing modification and disclosure of the MOVEit database contents."

 

Faced with this situation, the US Cybersecurity and Infrastructure Agency (CISA) also advises that customers need to immediately update the new patch as well as take appropriate solutions to promptly detect actions. attack.

 

Ensuring the safety of data transmission is an essential job for every business/organization in the current digital transformation context.

 

Please contact our VNCS team for detailed advice on information security solutions for your business!

 

Source: Radware | Blogs

 

Bleeping Computer