Zero-day vulnerability exploited in data theft attacks
A SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. According to the vendor, depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to gather information about the structure and contents of the database and execute SQL statements that can change or delete database elements.
Common Vulnerabilities and Exposures
Background
MOVEit Transfer is a managed file transfer (MFT) solution developed by Ipswitch, a subsidiary of Progress Software Corporation, that allows the enterprise to securely transfer files between business partners and customers using SFTP, SCP, and HTTP-based uploads. Earlier, in February of this year, a different MFT solution, Fortra GoAnywhere MFT, was exploited by attackers in ransomware attacks on various organizations, which shows that file transfer solutions remain a target for ransomware attacks. To read the full Outbreak Report, go to the Additional Resources section below.
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
- May 01, 2024: The University System of Georgia (USG) is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks.
  https://apps.web.maine.gov/online/aeviewer/ME/40/5b9aff63-0dc1-429a-a5e4-6b8e6c859f02.shtml
- June 15, 2023: Progress discovered a vulnerability (CVE-2023-35708) in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment.
  https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023
- June 09, 2023: Another SQL injection vulnerability (CVE-2023-35036) has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database.
  https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-CVE-2023-35036-June-9-2023
- June 08, 2023: FortiGuard Threat Labs released a detailed blog on CVE-2023-34362.
  https://www.fortinet.com/blog/threat-research/moveit-transfer-critical-vulnerability-cve-2023-34362-exploited-as-a-0-day
- June 07, 2023: CISA released a Cybersecurity Advisory, "Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability".
  https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a
- June 04, 2023: Microsoft links attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, aka the Cl0p ransomware group.
  https://twitter.com/MsftSecIntel/status/1665537730946670595
- June 02, 2023: FortiGuard Labs released a Threat Signal on the Progress MOVEit Transfer SQL Injection Vulnerability.
  https://www.fortiguard.com/threat-signal-report/5174
- June 02, 2023: CISA added CVE-2023-34362 to its Known Exploited Vulnerability catalog (KEV).
- May 31, 2023: The vulnerability was announced by Progress Software Corporation.
  https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- Lure
- Decoy VM
- AV
- Vulnerability
- AV (Pre-filter)
- Behavior Detection
- IPS
- Web App Security
- IOC
- Outbreak Detection
- Threat Hunting
- Playbook
- Assisted Response Services
- Automated Response
- NOC/SOC Training
- End-User Training
- Vulnerability Management
- Business Reputation
- Attack Surface Hardening
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
References
Sources of information in support and relation to this Outbreak and vendor.