As the world of digital business continues to grow, organizations must remain vigilant to keep their data and information secure. This is why Progress Software, the company behind the popular MOVEit Transfer application, took immediate action when they discovered brand new SQL injection vulnerabilities affecting their file transfer solution. This could have enabled attackers to gain unauthorized access to the MOVEit Transfer database and potentially led to the theft of sensitive information. The security issues, which impacted all versions of the service, have since been addressed in the MOVEit Transfer versions 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2). All MOVEit Cloud instances have been fully patched. The company also noted that no indications of the newly discovered flaws being exploited in the wild have been observed. The vulnerabilities were discovered and reported by Huntress, a cybersecurity firm, as part of a code review. This development is especially important given the previously reported MOVEit Transfer vulnerability (CVE-2023-34362) has been under heavy exploitation in recent months, with the Cl0p ransomware gang taking advantage of the zero-day bug to drop malicious web shells on targeted systems. Organizations should take the time to make sure their security measures are up-to-date and that they have the latest patches and software updates installed. It's also important to have proper network monitoring in place to detect any possible malicious activity. Finally, it's imperative that the necessary security training be provided to all employees so that they can recognize potential threats and know what steps to take if they encounter suspicious activities. Being proactive and taking the necessary steps to protect your data and information is essential for any organization. Progress Software's decision to take immediate action when they discovered the SQL injection vulnerabilities affecting their MOVEit Transfer application is a shining example of just how important it is to stay ahead of the game when it comes to cyber security.
top of page
bottom of page