Hold it – more vulnerabilities found in MOVEit file transfer software

From theregister.com

INFOSEC IN BRIEF Security firms helping Progress Software dissect the fallout from a ransomware attack against its MOVEit file transfer suite have discovered more issues that the company said could be used to stage additional exploits.

Progress said the discovery was made by cybersecurity firm Huntress, which it had engaged to conduct a detailed code review of its systems. The newly discovered exploits are distinct from the issue reported earlier, and as such another patch for MOVEit Transfer and MOVEit Cloud has been issued to fix this latest discovered bug.

Progress gave no description of the newfound vulnerabilities and said a CVE number or numbers are pending.

The original attack – which targeted high-profile companies like British Airways, the BBC and Boots – exploits a SQL injection vulnerability in the MOVEit document transfer app to gain access to environments and exfiltrate data.
