New MOVEit Transfer security flaws have been discovered — so patch now
Major MOVEit Transfer flaw allows threat actors to tamper with files
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
A new vulnerability in the managedfile transfersolution MOVEit Transfer (MFT), which allows threat actors to bypass authentication and tamper with other people’s files as they see fit.
The company disclosed finding the vulnerability earlier this week, but has also revealed a patch is available now, with users advised to apply it immediately and secure their networks.
The vulnerability, described as an improper authentication flaw, is tracked as CVE-2024-5806, and is currently awaiting a severity score. It allows people to work past theauthenticationprocess in the Secure File Transfer Protocol (SFTP) module, responsible for transferring files over SSH. Threat actors abusing this flaw are allowed to access data stored on the MFT server, upload, download, delete, or modify files, as well as intercept and tamper with incoming/outgoing file transfers.
Vulnerable instances
Cyber-intelligence platform Censys scanned the internet for exposed MFT instances and found roughly 2,700 of them, mostly located in the US, UK, Germany, Canada, and the Netherlands. However, it is impossible to tell how many of these applied the patch, or how many are vulnerable at this time.
Yet we do know that malicious actors are already on the move. Shadowserver Foundation said it observed multiple threat actors trying to exploit the flaw. It is only logical, given that cybersecurity experts from watchTowr published a proof-of-concept, detailing how an attack might be pulled off.
The vulnerability affects these versions:
2023.0.0 before 2023.0.11
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
2023.1.0 before 2023.1.6
2024.0.0 before 2024.0.2
Users should patch to versions 2023.0.11, 2023.1.6, and 2024.0.2, all available on the Progress Community portal.
Last year, MFT was at the center of a major security fiasco, after a flaw in the system allowed the Cl0p ransomware group to steal sensitive data from thousands of organizations worldwide.
ViaBleepingComputer
More from TechRadar Pro
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
I’m a die-hard Apple fan, but even I’ll admit that the Google Pixel 9 Pro is the best-looking phone of the year
