MOVEit Transfer showed a third exploitable vulnerability

June 22, 2023
MOVEit File Transfer US Cloud Services Vendor Risk Vulnerability Zero Day SQL Injection

New research has unveiled another critical vulnerability in the MOVEit Transfer application. The disclosure follows the researchers' earlier announcement of a separate set of SQL injection bugs that threat actors could use to gain initial access to the application's database content.

This new flaw has not yet been assigned a CVE identifier. However, researchers explained that attackers could exploit it to elevate privileges and gain unauthorised access to a targeted environment. The researchers shared details of the flaw on a social media platform, and the disclosure included proof-of-concept exploit code for this newly uncovered zero-day bug.

The second vulnerability in MOVEit Transfer affects all versions of the application.

Last week, the investigation into the second MOVEit Transfer bug concluded that SQL injection flaws could affect all users. That second flaw, CVE-2023-35036, affects all MOVEit Transfer versions and could allow unauthorised attackers to compromise publicly exposed servers and modify or extract customer information.

The notorious Cl0p ransomware group has widely exploited the MOVEit Transfer flaw. The group claimed responsibility for multiple attacks involving the first MOVEit Transfer vulnerability and said it had been exploiting the weakness since last month.

The group has begun publishing the names of more than two dozen organisations compromised through the exploit. Among the best-known victims are Shell, several financial institutions, IT providers, pharmaceutical companies, and organisations in the education and manufacturing sectors.

However, researchers believe that the group has mainly targeted banks and financial institutions in the United States.

According to MOVEit representatives, a patch for the latest vulnerability is being tested and will be released soon. Until the update arrives, MOVEit Transfer customers should disable HTTP and HTTPS traffic to safeguard their infrastructure.

Modifying firewall rules to block traffic on ports 80 and 443 is a temporary workaround until the fix ships. File transfers over SFTP and FTPS continue to work without interruption, although the web UI login is unavailable while the mitigation is in place.
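One way to apply and verify the temporary mitigation described above on a Windows host running MOVEit Transfer, as an added example that is not the vendor's own guidance or code: it blocks inbound TCP 80 and 443 with Windows Defender Firewall, leaves SFTP and FTPS reachable, and checks exposure from another machine. The rule name, the SFTP port (22) and the FTPS control port (990) are assumptions; adjust them to your deployment.

```powershell
# Added example (not from the vendor or the article). Run in an elevated
# PowerShell session on the MOVEit Transfer server.
$RuleName = 'MOVEit-Temp-Block-Web'   # hypothetical rule name, used to find and remove the rule later

function Enable-MoveitWebBlock {
    # Block inbound HTTP/HTTPS on all firewall profiles until the vendor patch is installed.
    if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
            -LocalPort 80,443 -Action Block -Profile Any -Enabled True | Out-Null
    }
}

function Disable-MoveitWebBlock {
    # Remove the temporary rule once the patched MOVEit Transfer build has been applied.
    Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule
}

function Test-MoveitExposure {
    # Check which service ports on the server still accept connections.
    # Windows Firewall does not filter loopback traffic, so run this from a
    # different host on the network (and ideally from outside the edge firewall),
    # not from the MOVEit server itself.
    param([Parameter(Mandatory)][string]$ComputerName)
    $ports = [ordered]@{ 'HTTP' = 80; 'HTTPS' = 443; 'SFTP' = 22; 'FTPS' = 990 }  # SFTP/FTPS ports assumed
    foreach ($name in $ports.Keys) {
        $result = Test-NetConnection -ComputerName $ComputerName -Port $ports[$name] -WarningAction SilentlyContinue
        [pscustomobject]@{ Service = $name; Port = $ports[$name]; Reachable = $result.TcpTestSucceeded }
    }
}

# On the server: apply the block.
Enable-MoveitWebBlock
Get-NetFirewallRule -DisplayName $RuleName | Format-Table DisplayName, Enabled, Direction, Action

# From another host: expect HTTP and HTTPS to show Reachable = False, SFTP/FTPS True.
# Test-MoveitExposure -ComputerName 'moveit.example.internal' | Format-Table -AutoSize
```

Blocking only at the host firewall does not replace blocking at the network edge; apply the same rule on the perimeter firewall and confirm both with the exposure check from an external vantage point.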
