Ofcom

The MOVEit file transfer zero-day vulnerability was used by the Clop ransomware campaign to compromise the data of UK communications regulator Ofcom.

The ransomware group had access to private data that Ofcom had on the companies it monitors, a representative for the regulator told The Record.

According to the organization, they took immediate action to stop further usage of the MOVEit service and to put the suggested security measures into place.

A SQL injection vulnerability exists, and it might be used by an unauthenticated attacker to access the database of MOVEit Transfer without authorization.

Source: https://securityaffairs.com/147396/data-breach/ofcom-hacked-moveit-zero-day.html

"id": "OFC73619923",
"linkid": "ofcom",
"type": "Ransomware",
"date": "06/2023",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"