![]() Progress Software claimed its customer base spans "thousands of enterprises, including 1,700 software companies and 3.5 million developers." It did not respond to The Register's inquiries into how many customers are likely affected by the flaw, and how many have been compromised. "Internet-facing MOVEit Transfer web applications were infected with a web shell named LEMURLOOT, which was then used to steal data from underlying MOVEit Transfer databases," the Feds explained.Īs of last week, Rapid7 said it had spotted about 2,500 instances of MOVEit Transfer exposed to the public internet, most of which belong to US customers. Criminals spent 10 days in US dental insurer's systems extracting data of 9 millionĪlso today, the FBI and CISA released a joint advisory about Clop in response to the exploitation, providing indicators of compromise and mitigations that organizations can implement to limit any damage caused by intrusions.Identity thieves can hunt us for 'rest of our lives,' claims suit after university data leak.British Airways, Boots, BBC payroll data stolen in MOVEit supply-chain attack Attackers deployed ransomware after breach was discovered Once FEIB detected the fraudulent transactions, Lazarus operators deployed the Hermes ransomware on the bank's network to delay.Deployed publicly accessible MOVEit Transfer? Oh no.The group did not immediately respond to a request for more details. ![]() ![]() Over the weekend, Microsoft blamed Clop for the extortion attempts, and the miscreants themselves confirmed to Reuters they were responsible for the security breaches: "It was our attack," and victims who refused to pay would be named on the gang's website. It is now tracked as CVE-2023-34362, and the app's developer Progress patched the flaw on Friday.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |