software company Progress Software has suffered yet another vulnerability in its MOVEit Transfer application. The vulnerability is an SQL injection flaw that could lead to escalated privileges for attackers, giving them potential unauthorized access to the environment. The group known as Cl0p has been using extortion tactics against affected companies.
This is the third vulnerability that has been found within the MOVEit Transfer application recently. While Progress Software is still working on fixing all of the gaps in their software, Cl0p is taking advantage of these vulnerabilities by extorting companies who fall victim to the flaws. This latest vulnerability has not yet been assigned a CVE identifier, but it is still important to take it seriously.
Progress Software is taking steps to patch these vulnerabilities as they are found, but it is crucial that companies using MOVEit Transfer take action to protect themselves from possible attacks. If left unaddressed, cybercriminals may take advantage of these gaps in security to steal sensitive information or wreak havoc on a company’s infrastructure. It is always important to make sure that software is up to date and to implement best practices when it comes to cybersecurity.Original Article: https://thehackernews.com/2023/06/third-flaw-uncovered-in-moveit-transfer.html