Dec 10, 2024Ravie LakshmananVulnerability / Threat Analysis Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en … [Read more...] about Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged
transfer
New MOVEit Transfer Vulnerability Under Active Exploitation
Jun 26, 2024NewsroomVulnerability / Data Protection A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following … [Read more...] about New MOVEit Transfer Vulnerability Under Active Exploitation
Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool
Mar 18, 2024NewsroomVulnerability / Threat Mitigation Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10. "A directory … [Read more...] about Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool
Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software
Jul 07, 2023Swati KhandelwalVulnerability / Cyber Threat Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities. The identified SQL injection vulnerability, tagged as … [Read more...] about Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software
Data Exfiltration for MOVEit Transfer Exploit
Summary Points Organizations around the globe continue to experience the fallout of the MOVEit Transfer exploit CVE-2023-34362 CrowdStrike incident responders have identified evidence of mass file exfiltration from the MOVEit application, as a result of the webshell activity on compromised MOVEit systems Data exfiltration activity can be identified by analyzing the MOVEit … [Read more...] about Data Exfiltration for MOVEit Transfer Exploit
New Critical MOVEit Transfer SQL Injection Vulnerabilities Discovered
Jun 10, 2023Ravie LakshmananVulnerability / Cyber Threat Progress Software, the company behind the MOVEit Transfer application, has released patches to address brand new SQL injection vulnerabilities affecting the file transfer solution that could enable the theft of sensitive information. "Multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web … [Read more...] about New Critical MOVEit Transfer SQL Injection Vulnerabilities Discovered