Another day, another newly discovered exploit. But this vulnerability has the potential to be a really big problem.
This week, Progress Software announcedthat it had discovered two new items for the common vulnerabilities and exposures (CVE) list of the enterprise product MOVEit Transfer, a popular way for businesses to securely transfer and exchange sensitive files and data.
SEE ALSO: Two MIT students charged for exploiting Ethereum blockchain bug, stole $25 million in cryptoThis most recent MOVEit vulnerability, known as CVE-2024-5806, allows hackers to bypass authentication protocols and access the potentially sensitive information being transferred.
While many readers may not be familiar with Progress Software or MOVEit, this vulnerability could result in serious consequences. As Ars Technicapoints out, a MOVEit vulnerability affectedmillions of people last year. Thousands of organizations, including the US Department of Energy and Shell, were compromised. The 2023 exploit's effects on the Canadian province of Ontario’s government birth registry alone left 3.4 million people compromised.
Currently, MOVEit is installed on as many as 2,700 networks globally. Bad actors, such as at least one ransomware gang, have already made attemptsto exploit this most recent vulnerability, according to cybersecurity researchers with The Shadowserver Foundation and the security firm Censys.
Progress Software has since released a patch to close the exploit, which can be found here.
