A Zero-Day Flaw in Hacked MOVEit Software Was Exposed on Twitter

/in


(Bloomberg) — John Hammond, a senior researcher at the cybersecurity firm Huntress, had already lost a few nights of sleep when someone he’d been messaging with privately over Twitter delivered a bombshell.

The person, who declined to provide his name but describes himself as an exploit writer, told Hammond on June 15 that he had inadvertently stumbled upon a new zero-day vulnerability in MOVEit file-transfer software — the type of flaw that doesn’t have a fix, or patch, leaving users vulnerable to hackers. What’s more, the anonymous researcher publicly shared details about the flaw on Twitter — a potentially disruptive move that could’ve enabled attackers to exploit the vulnerability before the software owner could respond. 

This was not the standard practice of cybersecurity researchers. They generally give organizations notice about such flaws before going public in an effort to avoid aiding bad actors. (The US Department of Homeland Security says that it gives organizations 45 days to respond to vulnerability reports before a public disclosure.) 

It stood to exacerbate what was already a crisis over MOVEit, the software at the center of an ongoing hacking campaign by a Russian-speaking criminal group called Clop that exploited a different, zero-day flaw to access files from at least dozens of companies and organizations. The researcher’s discovery ended up adding to the woes of Progress Software Corp., the company behind MOVEit software. 

Progress had already issued a patch soon after it discovered the initial zero-day flaw exploited by Clop. And based on a tip from Huntress, issued another fix to a second zero-day earlier this month, Hammond said.

Read More: Clop Gang Wreaked Havoc Long Before MOVEit Hacking Spree (1)

Now there was a third. In a private message on Twitter, the anonymous researcher told John he had realized what he had discovered was a zero-day event, according to screenshots of the thread shared with Bloomberg News. The researcher, a self-described exploit writer and “white-hat” hacker — someone who finds and reports flaws rather than exploiting them — capped the note off with an emoji of an astonished face.

Hammond, who had spent recent…

Source…