The dust hasn’t even settled properly around the GoAnywhere MFT fiasco, and we already have another enterprise secure file transfer solution breached and abused for data theft. 

This time it’s MOVEit Transfer, a managed file transfer (MFT) solution built by Ipswitch, a subsidiary of a company called Progress. 

The company has confirmed the discovery of a “critical” vulnerability, and urged its users to apply a workaround immediately in anticipation of an official patch.

Privilege escalation

“Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment,” the company’s announcement states. 

“If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment, while our team produces a patch.”

The company says that users should block external traffic to ports 80 and 443, which will most likely prevent external access to the web UI, as well as some automation tasks. APIs will stop working, as will the Outlook plugin, but customers can still use SFTP and FTP/s protocols to transfer files between endpoints.

Furthermore, users should inspect the ‘c:\MOVEit Transfer\wwwroot’ folder for unexpected files, backups or large file downloads, as that seems to be the number one indicator of compromise, BleepingComputer also reported.
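
The folder inspection described above can be scripted on the MOVEit Transfer host. The following PowerShell is an added example, not code from Progress or from the original article; the look-back window, the size threshold and the output file name are assumptions to adjust for your environment.

```powershell
# Added example: triage of the MOVEit Transfer web root for unexpected files.
# The default path is the folder named in the advisory; $LookbackDays,
# $LargeBytes and $ReportPath are assumptions, not vendor-supplied values.
param(
    [string]$WebRoot      = 'C:\MOVEit Transfer\wwwroot',
    [int]   $LookbackDays = 30,
    [long]  $LargeBytes   = 100MB,
    [string]$ReportPath   = '.\moveit-wwwroot-triage.csv'
)

if (-not (Test-Path -LiteralPath $WebRoot -PathType Container)) {
    throw "Web root not found: $WebRoot"
}

$cutoff = (Get-Date).AddDays(-$LookbackDays)

# Walk every file (including hidden ones) and record why it deserves a look.
$findings = Get-ChildItem -LiteralPath $WebRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $reasons = @()
        if ($_.CreationTime  -ge $cutoff)  { $reasons += 'recently created' }
        if ($_.LastWriteTime -ge $cutoff)  { $reasons += 'recently modified' }
        if ($_.Length        -ge $LargeBytes) { $reasons += 'large file' }

        if ($reasons.Count -gt 0) {
            # Hash and owner lookups can fail on locked files; leave the field empty then.
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            $acl  = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path      = $_.FullName
                SizeBytes = $_.Length
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                Owner     = $acl.Owner
                SHA256    = $hash.Hash
                Reasons   = $reasons -join '; '
            }
        }
    }

# Newest first on screen; full detail (hash, owner) goes to the CSV for the case file.
$findings | Sort-Object Created -Descending |
    Format-Table -AutoSize Path, SizeBytes, Created, Modified, Reasons
$findings | Export-Csv -Path $ReportPath -NoTypeInformation
```

File timestamps can be altered, so an empty result does not clear the host; compare the listing against a known-good installation or backup where one is available.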

Details about the flaw itself and its abusers are still missing. We know it’s a zero-day, and that it can be used to extract sensitive files from the users. Cybersecurity researchers from Rapid7 believe this is an SQL injection flaw that allows for remote code execution. No CVE has yet been assigned. 

We also don’t know the flaw’s impact, but BleepingComputer has said its sources tell it “numerous organizations” have had their data stolen so far. There are at least 2,500 exposed transfer servers, mostly located in the United States. 

It’s safe to assume the attackers will try to extort money from the victims, in exchange for keeping the data private. 

Via: BleepingComputer
