The company updated an advisory about a bug affecting the MOVEit tool, warning a “newly identified vulnerability in a third-party component" had elevated the risks.

Progress un-embargoed an authentication bypass vulnerability in Progress MOVEit Transfer.

Many sysadmins may remember last year’s CVE-2023-34362, a cataclysmic vulnerability in Progress MOVEit Transfer that sent ripples through the industry, claiming such high-profile victims as the BBC and FBI. Sensitive data was leaked, and sensitive data was destroyed, as the cl0p ransomware gang leveraged 0days to steal data - and ultimately leaving a trail of mayhem.

Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack.

CCleaner, a popular software for cleaning files and Windows Registry entries, has confirmed that attackers accessed some of its customer data.

Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that exposed personal information.

The breach affecting more than 3.4 million people — including newborns and children — is one of the biggest MOVEit-related hacks of the year.

The mass-exploitation of MOVEit file transfer servers — the largest hack of the year so far — now affects at least 60 million people.

The supply-chain cyberattack that targeted Progress Software’s MOVEit Transfer application has compromised over 963 private and public-sector organizations worldwide. The ransomware group, Cl0p, launched this attack campaign over Memorial Day weekend.

Some higher-profile victims of the hack include Maximus, Deloitte, TIAA, Ernst & Young, Shell, Deutsche Bank, PricewaterhouseCoopers, Sony, Siemens, BBC, British Airways, the U.S. Department of Energy, the U.S. Department of Agriculture, the Louisiana Office of Motor Vehicles, the Colorado Department of Health Care Policy and Financing, and other U.S. government agencies. Thus far, the personal data of over 58 million people is believed to have been exposed in this exploit campaign.

The fallout from the Clop cybercrime group's mass theft of data from MOVEit servers continues to increase. Colorado's state healthcare agency alone is now notifying

A hydra-headed breach centered on a single American software maker has compromised data at more than 600 organizations worldwide, according to cyber analyst tallies corroborated by Reuters.

Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform.

Top U.S. cybersecurity officials confirmed Thursday that several federal agencies have been impacted by cyberattacks on the widely used MOVEit file transfer tool.

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly told reporters that her team and the FBI are working to provide assistance to federal agencies that used MOVEit, which is being exploited by the Russia-based Clop ransomware gang in a widespread breach that appears to have compromised dozens of entities.

“We’ve been working closely with Progress Software [which makes MOVEit], the FBI and our federal partners to understand its prevalence within federal agencies,” she said. Earlier in the day, CNN first reported that several government agencies were compromised in the hacks. Easterly said that CISA is providing support to “several agencies that have experienced intrusions of their MOVEit applications.”

The hackers responsible for exploiting a flaw to target users of a popular file transfer tool has begun listing victims of the mass-attacks

On May 31, 2023, Progress Software disclosed a critical SQL injection vulnerability that was later assigned CVE-2023-34362. Rapid7 has observed exploitation in…

This page provides the latest information on the MOVEit Transfer and MOVEit Cloud vulnerabilities. As we continue our investigation and new details are uncovered, this page will be updated. Please check back frequently for updates.

CVE-PENDING (June 9, 2023)
CVE-2023-34362 (May 31, 2023)

On June 5, 2023, the Clop ransomware group publicly claimed responsibility for exploitation of a zero-day vulnerability in the MOVEit Transfer secure file transfer web application (CVE-2023-34362). Learn more.

On May 31, Progress Software posted a notification alerting customers of a critical Structured Query Language injection (SQLi) vulnerability (CVE-2023-34362) in their MOVEit Transfer product. MOVEit Transfer is a managed file transfer (MFT) application intended to provide secure collaboration and automated file transfers of sensitive data.

SQL injection attacks on MOVEit file-transfer service likely to get worse.

On May 31, threat actors were discovered targeting a critical zero day in MOVEit Transfer software resulting in escalated privileges and unauthorized data access. The vulnerability being exploited is an SQL injection and has since been patched. Resources links, including one for the patch, are at the bottom of this post.

Staff at multiple organisations are warned of a payroll data breach after an IT supplier is hacked.