Microsoft has officially linked the active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor named Lace Tempest.
CVE-2023-34362 relates to an SQL injection vulnerability in the MOVEIT Transfer that enables unauthenticated, remote attackers to gain access to the database and execute arbitrary code.
There are believed to be at least over 3,000 exposed hosts utilizing the MOVee transfer service according to data from attack surface management company Censys.
Lace Tempest, also known as Storm-0950, is a ransomware affiliate that overlaps with other groups such as FIN11, TA505, and Evil Corp.Microsoft on Twitter today announced the discovery and severity of the flaw.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply