Progress Software Has Critical Hacking Vulnerabilities

Uploaded on 2023-06-22 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Several US federal government agencies have been hit in a global cyber attack by Russian cyber criminal gang, called ClOP, that is exploiting a vulnerability in widely used Progress software product, according to a top US cyber security agency. Progress has confirmed this vulnerability in MOVEit Transfer, which most probably assists criminal environment access. 

On June 15 the US Cybersecurity & Infrastructure Security Agency (CISA) said that another software product from Progress had been exploited to breach multiple US federal agencies by “unattributed APT actors”, these products are from a Progress subsidiary Telerik, which was a company acquired in 2014.

The release of the advisory detailing the latest vulnerability comes after CISA said that federal agencies were recently hacked by the transfer tool at the hands of the CLOP ransomware gang, which is part of many attacks that are using a number of vulnerabilities in the platform.

The CLOP ransomware group is one of numerous gangs in Eastern Europe and Russia that are almost exclusively focused on extorting their victims for as much money as possible. “Analysts determined that multiple cyber threat actors, including an advanced persistent threat (APT) actor, were able to exploit a .NET deserialisation vulnerability in Progress Telerik user interface (UI) for ASP.NET AJAX, located in the agency’s Microsoft Internet Information Services (IIS) web server... Successful exploitation of this vulnerability allows for remote code execution. According to Progress Software, Telerik UI for ASP.NET AJAX builds before R1 2020 (2020.1.114) are vulnerable to this exploit.” says the CISA statement.

MOVEit Hacked

The same day, Progress confirmed that its widely used MOVEit software had been Hacked. “Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorised access to the environment. If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment,” said Progress in a statement.

If you are a MOVEit Transfer customer, it is extremely important that you take immediate action in order to help protect your MOVEit Transfer environment.  

The best advice provided by Progress is probably to disable all HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443 to safeguard the environments. This should be done while a patch is being prepared to address the vulnerabilities and in case even more of them come to the surface.The issue has been published by Progress, and it is another SQL injection vulnerability that could potentially allow unauthenticated attackers to gain access into MOVEit's database. 

Should attackers present a payload into the MOVEit Transfer application endpoint, they could ultimately modify the database content. 

Progress Software is encouraging MOVEit Transfer customers to take immediate action to help harden their MOVEit Transfer environments, noting that it is "extremely important" that users act as quickly as possible. "As we continue to investigate the issue related to MOVEit Cloud and MOVEit Transfer that we previously reported, an independent source has disclosed a new vulnerability that could be exploited by a bad actor," according to a press statement.

Energy Companies & Universities Targeted

Cyber attacks using the MOVEit Transfer program have currently affected a number of US government agencies, alongside many other companies and organisations. These include Oak Ridge Associated Universities, a not-for-profit research center, and Waste Isolation Pilot Plant, a contractor which disposes of atomic energy waste, who are now having to deal with the loss of stolen information, disrupted systems, and sometimes even the demands of ransom payments.

It is anticipated that the number of corporate victims exposed to these Progress software vulnerabilities could run into the hundreds and, although there haven't been any indications that threat actors have yet exploited the new vulnerability, Progress says that it is communicating with customers with information and advice to help protect themselves and their customers.

Progress:   CISA:     Dark Reading:    CNN:    Malwarebytes:     The Stack:    NCSC:   

You Might Also Read: 

 

Update: BBC, British Airways & Boots In Supply Chain Attack:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« What Is The Cybersecurity Maturity Model Certification (CMMC)?
Why Are Businesses Ignoring Incident Response? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Omerta

Omerta

Omerta is a global security technology and services company. We advise, consult, design, build, mitigate, protect, manage, provide and train to protect from increasing cyber threats.

IT GRC Forum

IT GRC Forum

The IT GRC Forum is an online resource and networking platform for the Governance, Risk Management, and Compliance (GRC) community

European Cybercrime Training and Education Group (ECTEG)

European Cybercrime Training and Education Group (ECTEG)

The primary aim of ECTEG is to enhance the coordination of cybercrime training, by identifying opportunities to build the capacity of countries to combat cybercrime

Malta Information Technology Agency (MITA)

Malta Information Technology Agency (MITA)

MITA is the central driver of Government Information and Communications Technology (ICT) policy, programmes and initiatives in Malta.

Cygilant

Cygilant

Cygilant is a SOC2 certified service provider that combines MSSP and Incident Detection and Response (IDR) capabilities managed by global SOCs staffed with trained security engineers.

Uniwan

Uniwan

Uniwan is an IT services company specializing in networking and security.

Hunters.AI

Hunters.AI

Hunters is the world's first autonomous hunting solution that leverages top-tier cyber expertise and AI to uncover hidden cyber threats.

NeuShield

NeuShield

NeuShield is the only anti-ransomware technology that can recover your damaged data from malicious software attacks without a backup.

360° Online Brand Protection

360° Online Brand Protection

360° Online Brand Protection have developed a response to monitor counterfeiting and piracy activity at the online point of sale.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Omnipotech

Omnipotech

Omnipotech is a complete managed service provider. From desktop to datacenter, all the technology support you need, under one umbrella.

Talon Cyber Security

Talon Cyber Security

Talon delivers the leading enterprise browser designed to bring security to managed and unmanaged devices, regardless of location, device type or operating system.

Canonic Security

Canonic Security

Canonic streamlines app review, continuously monitors apps, and reduces the risks involved in third-party access to your data.

GoPlus Security

GoPlus Security

GoPlus is working as the "security infrastructure" for web3, by providing open, permissionless, user-driven Security Services.

Atlas Cloud

Atlas Cloud

Atlas Cloud is a UK-wide provider of managed services based in Newcastle. Our ‘research-led’ approach to IT services helps leaders make better decisions about IT for their businesses.

Security Compliance Associates (SCA)

Security Compliance Associates (SCA)

The sole focus of SCA is safeguarding critical information and complying with information security regulations.