Tag Archive for: transfer

Another Progress Software file transfer utility vulnerable – Security – Software

/in


Progress Software, whose MOVEIt file transfer software was the vector for a variety of attacks earlier this year, has disclosed critical vulnerabilities in another package – and one is already being exploited.

Another Progress Software file transfer utility vulnerable

CVE-2023-40044 was discovered by two researchers from Assetnote, Shubham Shah and Sean Yeoh.

On October 1, they wrote that Progress Software’s WS_FTP package has a deserialisation vulnerability that affects “the entire Ad Hoc Transfer component” of the package.

In its advisory, Progress Software said: “In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialisation vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.”

However, Shah and Yeoh claimed that “the vulnerability could be triggered without any authentication”.

Assetnote said its scans revealed nearly 3000 hosts on the internet that matched the conditions for exploitation – they are running WS_FTP and they have an accessible web server, and most “belong to large enterprises, governments and educational institutions”.

Progress Software disclosed a number of other vulnerabilities in its advisory, including CVE-2023-42657, a critical-rated directory traversal bug that allows attackers to perform file operations (including deleting and renaming files and directories) on locations on the underlying operating system.

Source…

Safety minister's office knew about Paul Bernardo's prison transfer … – YouTube

/in



Safety minister’s office knew about Paul Bernardo’s prison transfer …  YouTube

Source…

Mass Exploitation of Zero-Day Bug in MOVEit File Transfer Underway

/in


A threat group with likely links to the financially motivated group known as FIN11 and other known adversaries is actively exploiting a critical zero-day vulnerability in Progress Software’s MOVEit Transfer app to steal data from organizations using the managed file transfer technology.

MOVEit Transfer is a managed file transfer app that organizations use to exchange sensitive data and large files both internally and externally. Organizations can deploy the software on-premises, or as infrastructure-as-a-service or as software-as-a-service in the cloud. Progress claims thousands of customers for MOVEit including major names such as Disney, Chase, BlueCross BlueShield, Geico, and Major League Baseball.

Researchers from Google’s Mandiant security group who are tracking the threat believe the exploit activity may well be a precursor to follow-on ransomware attacks on organizations that have fallen victim so far. A similar pattern played out earlier this year after an attacker exploited a zero-day flaw in Forta’s GoAnywhere file transfer software to access customer systems and steal data from them.

The Microsoft Threat Intelligence team meanwhile said via Twitter today that it has attributed the attack to a baddie it calls “Lace Tempest,” which is a financially motivated threat and ransomware affiliate that has ties to not only FIN11, but also TA505, Evil Corp, and the Cl0p gang.

Data Theft Happening in Minutes

An initial investigation into the MOVit Transfer attacks by Mandiant showed that the exploit activity began on May 27, or roughly four days before Progress disclosed the vulnerability and issued patches for all affected versions of the software. Mandiant has so far identified victims across multiple industry sectors located in Canada, India, and the US but believes the impact could be much broader.

“Following exploitation of the vulnerability, the threat actors are deploying a newly discovered LEMURLOOT Web shell with filenames that masquerade as human.aspx, which is a legitimate component of the MOVEit Transfer software,” Mandiant said in a blog post June 2.

The Web shell allows the attackers to issue commands for enumerating files and folders on a system running MOVEit…

Source…

Week in review: MOVEit Transfer critical zero-day vulnerability, Kali Linux 2023.2 released

/in


Week in review

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

MOVEit Transfer zero-day attacks: The latest info
Progress Software has updated the security advisory and confirmed that the vulnerability (still without a CVE number) is a SQL injection vulnerability in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database.

Penetration tester develops AWS-based automated cracking rig
Building a custom cracking rig for research can be expensive, so penetration tester Max Ahartz built one on AWS. In this Help Net Security interview, he takes us through the process and unveils the details of his creation.

The strategic importance of digital trust for modern businesses
In this Help Net Security interview, Deepika Chauhan, CPO at DigiCert, talks about the importance of maintaining high trust assurance levels for businesses in today’s digital landscape.

Navigating cybersecurity in the age of remote work
In this Help Net Security interview, Jay Chaudhry, CEO at Zscaler, talks about connecting and securing remote employees and their devices to access organizational resources from any location.

Threat actors can exfiltrate data from Google Drive without leaving a trace
Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say.

Zyxel firewalls under attack by Mirai-like botnet
CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.

Someone is roping Apache NiFi servers into a cryptomining botnet
If you’re running an Apache NiFi instance exposed on the internet and you have not secured access to it, the underlying host may already be covertly cryptomining on someone else’s behalf.

Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more!
Offensive Security has released Kali Linux 2023.2, the latest version of its popular penetration testing…

Source…