#Ftp server android open source software#
BleepingComputer says it has information that cybercriminals have been exploiting the zero-day in the MOVEit MFT software to perform massive data downloads from organizations. Several researchers have observed that this vulnerability is being exploited in the wild. To give you an idea of the possible impact, a Shodan search query for exposed MOVEit Transfer instances yielded over 2,500 results, most of which belong to US customers. Progress advertises MOVEit as the leading secure Managed File Transfer (MFT) software used by thousands of organizations around the world to provide complete visibility and control over file transfer activities. As such it has a large userbase in the healthcare industry and many others. MOVEit Transfer is a widely used file transfer software which encrypts files and uses secure File Transfer Protocols to transfer data. This means the vulnerability could lead to an attacker gaining escalated privileges and unauthorized access to the environment. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.“ The security bulletin states: “a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an un-authenticated attacker to gain unauthorized access to MOVEit Transfer's database.
On May 31, 2023, Progress Software released a security bulletin about a critical vulnerability in MOVEit Transfer.
0 kommentar(er)
