Progress Software has recently discovered and addressed a severe security issue in its popular file transfer software, MOVEit Transfer. The issue, known as an SQL injection vulnerability, would have allowed unauthorized users to access the software’s database without needing to log in. This flaw is particularly critical because it can be exploited by attackers without valid credentials. Fortunately, no instances of this vulnerability being actively exploited by attackers have been reported so far.
This discovery follows a series of cyberattacks that targeted MOVEit Transfer using a different SQL injection vulnerability. These attacks resulted in data theft and extortion from the affected organizations. As part of its response, Progress Software has also addressed two other significant vulnerabilities, one that allows unauthorized database access and another that could unexpectedly shut down the software.
The software company was alerted about these vulnerabilities by researchers from HackerOne and Trend Micro’s Zero Day Initiative. Notably, multiple versions of MOVEit Transfer are affected, and Progress Software has made updates available for all major versions. Users are strongly advised to update their software to the latest version to minimize the risks associated with these vulnerabilities.
Source: Hackernews
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.