MOVEit Transfer Critical Vulnerability (CVE-2023-34362)

Read Time:47 Second

What is MOVEit Transfer ?

The MOVEit Transfer is a file-transfer tool that is popular to a lot of organizations. It provides secured transfer between enterpsises by encrypting files at rest and during transfer. It also provides management tools and visibility for monitoring the data flow.

What is the Attack?

The attack can lead an unauthorized user to gain unauthorized access to MOVEit Transfer’s database.

Why is this Significant?

An active exploitation in the wild is at present. Also, there are several hundreds publicly available on the Internet using the MOVEit Transfer according to Shodan.

What is the Vendor Solution?

The vendor has provided three levels of mitigations. First one is to deny the service via blocking any HTTP/HTTPs traffic. Second is to delete unauthorized files and user accounts. Last is to apply the patch on the affected tool.

What FortiGuard Coverage is Available?

FortiGuard Labs is currently investigating coverage for CVE-2023-34362.

Cryptomining Malware Found in Popular Open Source Packages

Interpol Identifies Over 140 Human Traffickers in New Initiative

ICO Warns of Mobile Phone Festive Privacy Snafu

Friday Squid Blogging: Squid Sticker

Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe

Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers

LockBit Admins Tease a New Ransomware Version

Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns

CISA Urges Encrypted Messaging After Salt Typhoon Hack

MOVEit Transfer Critical Vulnerability (CVE-2023-34362)

A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution

CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205

USN-7179-1: Linux kernel vulnerabilities

USN-7173-2: Linux kernel vulnerabilities

swiftlint-0.57.1-1.fc42

USN-7166-3: Linux kernel (HWE) vulnerabilities