SoatDev IT Consulting
  • June 16, 2023
  • Rss Fetcher

Progress Software, developer of the compromised MOVEit file transfer tool, is urging IT managers to temporarily disable direct internet access to the application after a new vulnerability was found and news of more hacked organizations emerges.
On Thursday, Progress said a critical vulnerability — which had yet to be given a CVE number — needed immediate mitigation.
That included disabling all HTTP and HTTPS traffic to on-premises MOVEit installations to help prevent unauthorized access, and modifying firewall rules to deny web traffic to MOVEit on ports 80 and 443 until the latest patches can be installed.
Until web access can be enabled, users won’t be able to log into the MOVEit Transfer web user interface. MOVEit Automation tasks that use the native MOVEit Transfer host will not work, nor will REST, Java and .NET APIs, or the MOVEit Transfer add-in for Microsoft Outlook.
However, SFTP and FTP/s protocols will continue to work as normal.
As a workaround, administrators will still be able to access MOVEit Transfer by using a remote desktop to access the Windows machine, and then accessing https://localhost/.
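An added example, not part of the original article or of Progress's guidance: a Python check, run from a host outside the firewall against your own server, that confirms ports 80 and 443 no longer accept connections while the file-transfer ports still do. The SFTP and FTPS port numbers (22 and 990) and the default target are assumptions; substitute your installation's values.

```python
import socket
import sys

WEB_PORTS = (80, 443)        # ports the article says to deny until patched
TRANSFER_PORTS = (22, 990)   # assumption: SFTP on 22, implicit FTPS on 990


def tcp_state(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' (refused) or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, unreachable, or dropped by a firewall
        return "filtered"


def check_mitigation(host, web_ports=WEB_PORTS,
                     transfer_ports=TRANSFER_PORTS, timeout=3.0):
    """Report whether web access is cut off and file transfer still works."""
    web = {p: tcp_state(host, p, timeout) for p in web_ports}
    transfer = {p: tcp_state(host, p, timeout) for p in transfer_ports}
    return {
        "web": web,
        "transfer": transfer,
        # Any web port that still completes a handshake is still exposed.
        "web_exposed": sorted(p for p, s in web.items() if s == "open"),
        # SFTP/FTPS should be unaffected; flag rules that were too broad.
        "transfer_down": sorted(p for p, s in transfer.items() if s != "open"),
        "mitigated": all(s != "open" for s in web.values()),
    }


if __name__ == "__main__":
    # Hypothetical default; pass your own server's address as the argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    report = check_mitigation(target)
    for port, state in {**report["web"], **report["transfer"]}.items():
        print(f"{target}:{port} {state}")
    print("web access blocked:", report["mitigated"])
    sys.exit(0 if report["mitigated"] else 1)
```

Both "closed" and "filtered" count as blocked; a non-empty `transfer_down` list means the firewall change also cut off SFTP or FTPS, which the mitigation is meant to leave working.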
The company also said MOVEit Cloud has been patched and fully restored across all cloud clusters.
The new vulnerability is unrelated to the hole (CVE-2023-34362) found by the Clop ransomware gang that has been exploited against a number of companies including Shell, British Airways, the BBC and the Nova Scotia government, and a trio of vulnerabilities (CVE-2023-35036) acknowledged by Progress last week. 
Tony Anscombe, chief security evangelist at ESET, noted that disabling web access stops a hacker who has already breached an organization’s network perimeter through compromised credentials from exploiting MOVEit vulnerabilities, because they would be inside the firewall.
“Even if the software has been disabled,” he said in an email to IT World Canada, “companies should investigate the indicators of compromise that have been published by the CISA (the U.S. Cybersecurity and Infrastructure Security Agency) to establish if they are already a potential victim.”
“The MOVEit data theft is a sobering reminder of the criticality of immediate patching,” said Lorri Janssen-Anessi, director of external cyber assessments at BlueVoyant. “The moment vulnerabilities are identified, organizations must prioritize timely response, otherwise they’re at the mercy of adversaries. If you’re impacted by MOVEit and you can’t install the latest patch versions, at the very least, you need to disable all HTTP and HTTPS traffic to MOVEit Transfer environments. Affected companies should also check for potential indications of unauthorized access over at least the past 30 days.”
The Clop ransomware gang has focused on exploiting file transfer technologies for years, noted Tenable chief executive officer (CEO) Amit Yoran, and has had widespread success exploiting a known MOVEit flaw for weeks. “While we don’t know the full extent of the attack on U.S. government agencies,” he said, “it’s clear that even now many organizations still need to plug holes in their software applications to avoid becoming the next victim.
“Cybercriminals and nation states alike feast on known vulnerabilities and sloppy hygiene practices that leave organizations unnecessarily at risk. Unrelenting focus on identifying issues, prioritizing them and remediating them makes a world of difference.”
Dror Liwer, co-founder of Coro, said, “when moving sensitive information, even using a so-called secure platform, a zero trust approach should be used. Any sensitive data either in movement or at rest must be encrypted. The benefit far outweighs the overhead.”
The post Another vulnerability in MOVEit Transfer found, admins urged to disable web access first appeared on IT World Canada.
