Clop ransomware group claims to have hacked hundreds of companies globally by exploiting MOVEit Transfer vulnerability.
The Clop ransomware group may have compromised hundreds of companies worldwide by exploiting a vulnerability in MOVEit Transfer software.
MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads.
The vulnerability is a SQL injection vulnerability, it can be exploited by an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database.
“a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an un-authenticated attacker to gain unauthorized access to MOVEit Transfer’s database.” reads the advisory published by the company. “Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.”
The vulnerability affects all MOVEit Transfer versions, it doesn’t affect the cloud version of the product.
Over the weekend, the Clop ransomware gang (aka Lace Tempest) was credited by Microsoft for the recent campaign that exploits a zero-day vulnerability, tracked as CVE-2023-34362, in the MOVEit Transfer platform.
On Wednesday, the Clop ransomware gang published an extortion note on its dark web leak site claiming to have information on hundreds of businesses.
“WE HAVE INFORMATION ON HUNDREDS OF COMPANIES SO OUR DISCUSSION WILL WORK VERY SIMPLE.” reads the message published by the gang.
The gang is urging victim organizations to contact them before their name will be added to the list of victims on the leak site. The group has fixed the deadline on June 14.
At this time it not possible to determine the exact number of organizations that were breached by the gang by exploiting the MOVEit Transfer vulnerability.
By May 31, Rapid7 experts discovered approximately 2,500 instances of MOVEit Transfer publicly accessible on the internet, with a significant portion located in the United States.
“Our teams have so far observed the same webshell name in multiple customer environments, which may indicate automated exploitation.” reported Rapid7.
One of the organizations that was hacked by exploiting the above issue is the payroll provider Zellis. The bad news is that as a result of the cyber attack on the payroll provider Zellis, the personal data of employees at the BBC and British Airways has been compromised and exposed.
One of Zellis’s customers, the British health and beauty retailer and pharmacy chain Boots also confirmed to have been impacted by the attack. The company has yet to determine the number of impacted employees.
Another impacted firm is the airline Aer Lingus, which confirmed that “some of our current and former employee data” has been disclosed.
This isn’t the first time that Clop ransomware gang carry out hacking campaign on a large scale by exploiting a zero-day vulnerability.
In February, the Clop ransomware group claimed to have stolen sensitive data from over 130 organizations by exploiting a zero-day vulnerability (CVE-2023-0669) in Fortra’s GoAnywhere MFT secure file transfer tool.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, Clop ransomware group)
The post Clop ransomware gang claims the hack of hundreds of victims exploiting MOVEit Transfer bug appeared first on Security Affairs. Ça y est, le rapport de bug du mois de mai est enfin là ! Alors que le soleil brille et que la nature est en pleine effervescence, les experts Trellix ne se laissent pas distraire par les beaux jours. Ils continuent à explorer sans relâche les méandres des vulnérabilités.
The post Bug Report Trellix : les beaux jours ne suffisent pas à arrêter les cybercriminels ! first appeared on UnderNews. The North Korean APT group Kimsuky has been running a social engineering operation that targets experts in North Korean affairs from the non-government sector, according to SentinelLabs. For spear-phishing attempts to gather intelligence from think tanks, research centers, academic institutions, and various media organizations, the North Korean hacking group Kimsuky (also known as APT43) has been
The post North Korean Hackers Mimic Journalists To Steal Credentials From Organizations appeared first on GBHackers - Latest Cyber Security News | Hacker News. submitted by /u/S3cur3Th1sSh1t [link] [comments] By Waqas
These 2 billion SWEAT tokens, which make up around 13% of the total supply, have been locked in…
This is a post from HackRead.com Read the original post: Sweat Economy Gives Power to Community over 2 Billion SWEAT Tokens Les cybermenaces visant les entreprises ou bien les particuliers n’ont jamais été aussi nombreuses. Selon une récente étude menée par Yubico, 80 % des salariés en France indiquent avoir été exposés à une cyberattaque dans leur vie personnelle au cours des douze derniers mois, soit le taux le plus élevé d’Europe, et 61 % en ont été victimes au travail.
The post Pas de cybersécurité sans clé de sécurité first appeared on UnderNews.

Présentation journée OSINT au FIC 2023
Une étape supplémentaire pour la mise en lumière de notre