From thehackernews.com
Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies.
The new flaw, which is yet to be assigned a CVE identifier, also concerns an SQL injection vulnerability that “could lead to escalated privileges and potential unauthorized access to the environment.”
The company is urging its customers to disable all HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443 to safeguard their environments while a patch is being prepared to address the weakness.