Found 3 bookmarks
Custom sorting
Auth. Bypass In (Un)Limited Scenarios - Progress MOVEit Transfer (CVE-2024-5806)
Auth. Bypass In (Un)Limited Scenarios - Progress MOVEit Transfer (CVE-2024-5806)
Progress un-embargoed an authentication bypass vulnerability in Progress MOVEit Transfer. Many sysadmins may remember last year’s CVE-2023-34362, a cataclysmic vulnerability in Progress MOVEit Transfer that sent ripples through the industry, claiming such high-profile victims as the BBC and FBI. Sensitive data was leaked, and sensitive data was destroyed, as the cl0p ransomware gang leveraged 0days to steal data - and ultimately leaving a trail of mayhem.
#watchtowr.com#EN#2024#MOVEit#CVE-2024-5806#Analysis#PoC
·labs.watchtowr.com·
Auth. Bypass In (Un)Limited Scenarios - Progress MOVEit Transfer (CVE-2024-5806)
Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362)
Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362)
On May 31, threat actors were discovered targeting a critical zero day in MOVEit Transfer software resulting in escalated privileges and unauthorized data access. The vulnerability being exploited is an SQL injection and has since been patched. Resources links, including one for the patch, are at the bottom of this post.
#trustwave#EN#2023#0-day#MOVEit#CVE-2023-34362#analysis
·trustwave.com·
Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362)