Progress Software Has Critical Hacking Vulnerabilities

Uploaded on 2023-06-22 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Several US federal government agencies have been hit in a global cyber attack by Russian cyber criminal gang, called ClOP, that is exploiting a vulnerability in widely used Progress software product, according to a top US cyber security agency. Progress has confirmed this vulnerability in MOVEit Transfer, which most probably assists criminal environment access. 

On June 15 the US Cybersecurity & Infrastructure Security Agency (CISA) said that another software product from Progress had been exploited to breach multiple US federal agencies by “unattributed APT actors”, these products are from a Progress subsidiary Telerik, which was a company acquired in 2014.

The release of the advisory detailing the latest vulnerability comes after CISA said that federal agencies were recently hacked by the transfer tool at the hands of the CLOP ransomware gang, which is part of many attacks that are using a number of vulnerabilities in the platform.

The CLOP ransomware group is one of numerous gangs in Eastern Europe and Russia that are almost exclusively focused on extorting their victims for as much money as possible. “Analysts determined that multiple cyber threat actors, including an advanced persistent threat (APT) actor, were able to exploit a .NET deserialisation vulnerability in Progress Telerik user interface (UI) for ASP.NET AJAX, located in the agency’s Microsoft Internet Information Services (IIS) web server... Successful exploitation of this vulnerability allows for remote code execution. According to Progress Software, Telerik UI for ASP.NET AJAX builds before R1 2020 (2020.1.114) are vulnerable to this exploit.” says the CISA statement.

MOVEit Hacked

The same day, Progress confirmed that its widely used MOVEit software had been Hacked. “Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorised access to the environment. If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment,” said Progress in a statement.

If you are a MOVEit Transfer customer, it is extremely important that you take immediate action in order to help protect your MOVEit Transfer environment.  

The best advice provided by Progress is probably to disable all HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443 to safeguard the environments. This should be done while a patch is being prepared to address the vulnerabilities and in case even more of them come to the surface.The issue has been published by Progress, and it is another SQL injection vulnerability that could potentially allow unauthenticated attackers to gain access into MOVEit's database. 

Should attackers present a payload into the MOVEit Transfer application endpoint, they could ultimately modify the database content. 

Progress Software is encouraging MOVEit Transfer customers to take immediate action to help harden their MOVEit Transfer environments, noting that it is "extremely important" that users act as quickly as possible. "As we continue to investigate the issue related to MOVEit Cloud and MOVEit Transfer that we previously reported, an independent source has disclosed a new vulnerability that could be exploited by a bad actor," according to a press statement.

Energy Companies & Universities Targeted

Cyber attacks using the MOVEit Transfer program have currently affected a number of US government agencies, alongside many other companies and organisations. These include Oak Ridge Associated Universities, a not-for-profit research center, and Waste Isolation Pilot Plant, a contractor which disposes of atomic energy waste, who are now having to deal with the loss of stolen information, disrupted systems, and sometimes even the demands of ransom payments.

It is anticipated that the number of corporate victims exposed to these Progress software vulnerabilities could run into the hundreds and, although there haven't been any indications that threat actors have yet exploited the new vulnerability, Progress says that it is communicating with customers with information and advice to help protect themselves and their customers.

Progress:   CISA:     Dark Reading:    CNN:    Malwarebytes:     The Stack:    NCSC:   

You Might Also Read: 

 

Update: BBC, British Airways & Boots In Supply Chain Attack:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« What Is The Cybersecurity Maturity Model Certification (CMMC)?
Why Are Businesses Ignoring Incident Response? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Radiant Logic

Radiant Logic

Radiant Logic is a market-leading provider of federated identity solutions based on virtualization, and delivers simple, logical, and standards-based access to all identities within an organization.

Sucuri

Sucuri

Sucuri have offered holistic website security solutions since 2008 including malware removal, malware monitoring and website protection services.

Australian Signals Directorate (ASD)

Australian Signals Directorate (ASD)

The Australian Signals Directorate is an intelligence agency in the Australian Government Department of Defence.

X-act Forensics

X-act Forensics

X-act forensics are computer forensic experts with experience in cases of computer fraud, intellectual property theft, and social networking cases.

Cyber Security Research Centre - University of Cardiff

Cyber Security Research Centre - University of Cardiff

Cardiff University's Centre for Cyber Security Research is a leading UK academic research unit for cyber security analytics.

SCIS Security

SCIS Security

SCIS Security provides affordable cyber security services and solutions to small to medium sized businesses and homes.

H3C Group

H3C Group

H3C provides a full range of Computer, Storage, Networking and Security solutions.

OneTrust

OneTrust

OneTrust is the largest and most widely used technology platform to operationalize privacy, security and third-party risk management.

SecureMe2

SecureMe2

SecureMe2 ‘s mission is to make organizations more responsive to digital threats by deploying smart technology in a highly accessible way.

S2T

S2T

S2T builds cyber intelligence solutions based on deep expertise in diverse domains such as intelligence, machine learning and AI, big data processing, statistics and linguistics.

e.Kraal Innovation Hub

e.Kraal Innovation Hub

e.Kraal is a Cybersecurity Innovation Hub whose mission is to secure the future of Cybersecurity in Kenya by accelerating innovation and creativity in the cyberspace ecosystem.

Banshie

Banshie

Banshie is an independent cyber security company with a small team of recognized specialist that are among the best in their field.

UKsec: Virtual Cyber Security Summit

UKsec: Virtual Cyber Security Summit

Join 100s of UK Cyber Security Leaders Online for Expert Cyber Security Talks, Strategy Insights, Cyber Resilience Tips and More.

6WIND

6WIND

6WIND deliver virtualized, cloud-native, distributed high performance & secure networking software solutions to support new applications such as 5G, IoT, SD-WAN.

Scribe Security

Scribe Security

Scribe security provides end-to-end software supply chain security solutions.

SUCCESS Computer Consulting

SUCCESS Computer Consulting

SUCCESS Computer Consulting is a leader in managed IT and security services for small and medium-sized businesses in Minneapolis, St. Paul, and the surrounding Twin Cities Metro area.