The application development and infrastructure software company in the Boston region alerted users to a significant SQL injection vulnerability in MOVEit Transfer that allow attackers to escalate their privileges and gain access to target systems without authorization.
Researchers at Mandiant, Rapid7, and other companies claimed to have observed widespread data theft and mass exploitation linked to the vulnerability.
Any company using MOVEit should perform a forensic analysis to see if the system has previously been breached and whether any data has been stolen.
Organisations should be ready for future extortion and publishing of the stolen material, even though Mandiant does not yet know the motivation of the threat actor.
Source: https://www.govinfosecurity.com/hackers-exploit-progress-moveit-file-transfer-vulnerability-a-22211
"id": "PRO12124623",
"linkid": "progress-asia-moveit",
"type": "Vulnerability",
"date": "06/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"