Important Security Notice: MOVEit Data Transfer Software

June 16, 2023

A significant vulnerability has been exploited in the MOVEit Transfer application. MOVEit Transfer software, developed by Progress Software, is used by many financial institutions and government agencies to transfer files securely. This vulnerability could allow an attacker to gain unauthorized access to your MOVEit Transfer environment, leading to the theft of sensitive data.

A group known for ransomware attacks is responsible for exploiting this critical vulnerability that allows access to the files and data contained in the MOVEit transfer application. A number of U.S.-based companies have been attacked by this group since the security flaw was discovered in late May.

Who is affected?

As of June 16, 2023, it appears that all versions of MOVEit Transfer and MOVEit Cloud are affected by this vulnerability, as well as others recently discovered.

How does the exploit work?

The vulnerability can be exploited by sending a crafted request (SQL injection) to the MOVEit Transfer application, which bypasses authentication to grant unauthorized access to the database. Once an attacker has access to the database, they can steal sensitive information, credentials, and files.

What should you do?

Following the developer’s recommendation, it is strongly recommended that you apply recently published patches as soon as possible. If you are unable to apply this patch, you should immediately disable all HTTP and HTTPS traffic to your MOVEit Transfer application and environment to prevent exploitation of this vulnerability.

For more information regarding this vulnerability, please refer to the following:

Progress Software Security Advisory: https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability
AXIOS: https://www.axios.com/2023/06/15/government-agencies-hacked-moveit-vulnerability
Cybersecurity & Infrastructure Security Agency (CISA): https://www.cisa.gov/news-events/alerts/2023/06/15/progress-software-releases-security-advisory-moveit-transfer-vulnerability
Symantec Enterprise Blogs: MOVEit Vulnerabilities: What You Need To Know: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/moveit-vulnerabilities-exploits

If you have any questions, please contact our team at TraceSecurity.

Kevin Ivy, Director of Security Services

With over 19 years of experience in IT and Information Security, Kevin has been a great asset to TraceSecurity as an Information Security Analyst, Security Solutions Engineer, and now Director of Security Services. His areas of expertise include Systems Administration, IT Risk Management, Information Security Management, IT Auditing, Penetration Testing, and Network Engineering. He has performed all of our services, including risk assessments, IT audits, penetration tests, and more. As Director, he manages a team of 40+ Information Security Analysts in the development and execution of TraceSecurity services. Kevin holds his CISSP, CISM, and CRISC certifications. Additionally, he holds an associate degree in information technology from ITI Technical College.