The U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) and the Bureau of Investigation (FBI) have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software’s MOVEit Transfer application to drop ransomware.
The Cl0p ransomware gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection vulnerability in this piece of software.
The agencies said that internet-facing MOMoveit Transfer web applications were infected with a web shell named LemURLOOT, which was then used to steal data from underlying MOveit Transfer databases.
Similar attacks have been carried out on other managed file transfer applications such as Accellion FTA and GoAnywhere MFT over the past year.
Attack surface management firm Censys reported that it has observed a drop in the number of hosts running exposed MO Moveit Transfer instances from over 3,000 hosts to a little more than 2,600.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply