Progress Software Has Critical Hacking Vulnerabilities

Several US federal government agencies have been hit in a global cyber attack by the Russian cyber criminal gang CLOP, which is exploiting a vulnerability in a widely used Progress Software product, according to a top US cyber security agency. Progress has confirmed the vulnerability in MOVEit Transfer, which could allow an attacker to gain access to the environment.

On June 15 the US Cybersecurity & Infrastructure Security Agency (CISA) said that another Progress software product had been exploited to breach multiple US federal agencies by “unattributed APT actors”. That product comes from Telerik, a company Progress acquired in 2014.

The advisory detailing the latest vulnerability was released after CISA said that federal agencies had recently been hacked through the file transfer tool by the CLOP ransomware gang, as part of a wider campaign exploiting a number of vulnerabilities in the platform.

The CLOP ransomware group is one of numerous gangs in Eastern Europe and Russia that are almost exclusively focused on extorting their victims for as much money as possible. “Analysts determined that multiple cyber threat actors, including an advanced persistent threat (APT) actor, were able to exploit a .NET deserialisation vulnerability in Progress Telerik user interface (UI) for ASP.NET AJAX, located in the agency’s Microsoft Internet Information Services (IIS) web server... Successful exploitation of this vulnerability allows for remote code execution. According to Progress Software, Telerik UI for ASP.NET AJAX builds before R1 2020 (2020.1.114) are vulnerable to this exploit,” the CISA statement says.

MOVEit Hacked

The same day, Progress confirmed that its widely used MOVEit software had been hacked. “Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorised access to the environment. If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment,” said Progress in a statement.


The best advice from Progress is probably to disable all HTTP and HTTPS traffic to MOVEit Transfer on ports 80 and 443 to safeguard the environment. This should be done while a patch is prepared to address the vulnerabilities, and in case more of them come to light. The issue published by Progress is another SQL injection vulnerability that could potentially allow unauthenticated attackers to gain access to MOVEit's database.

If an attacker submits a crafted payload to a MOVEit Transfer application endpoint, they could ultimately modify the database content.
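To make the mechanism behind this class of bug concrete, here is an added illustration (not code from Progress or MOVEit) of how an unauthenticated request parameter that reaches a SQL statement unchanged can rewrite the database, and why bound parameters close that door. The schema, table, column names and the hostile value are all constructed for this demo and have no relation to MOVEit's real database or endpoints; SQLite stands in for whatever database the application uses.

```python
import sqlite3

# Constructed sample schema: a tiny stand-in for an application's user table.
# Nothing here reflects MOVEit's real schema, endpoints or queries.
SCHEMA = """
CREATE TABLE users (
    username TEXT PRIMARY KEY,
    email    TEXT NOT NULL
);
INSERT INTO users VALUES ('alice',    'alice@example.test');
INSERT INTO users VALUES ('bob',      'bob@example.test');
INSERT INTO users VALUES ('sysadmin', 'admin@example.test');
"""


def new_db() -> sqlite3.Connection:
    """Fresh in-memory database seeded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def update_email_vulnerable(conn: sqlite3.Connection, username: str, new_email: str) -> int:
    """Builds the WHERE clause by string formatting: the caller-supplied
    username is interpreted as SQL text, so a crafted value rewrites the
    statement. Returns the number of rows the UPDATE touched."""
    sql = f"UPDATE users SET email = '{new_email}' WHERE username = '{username}'"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def update_email_hardened(conn: sqlite3.Connection, username: str, new_email: str) -> int:
    """Same operation with bound parameters: the driver sends the values
    separately from the SQL text, so they can only ever match literally."""
    cur = conn.execute(
        "UPDATE users SET email = ? WHERE username = ?",
        (new_email, username),
    )
    conn.commit()
    return cur.rowcount


def emails(conn: sqlite3.Connection) -> dict:
    """Snapshot of username -> email, used to inspect what each call changed."""
    return dict(conn.execute("SELECT username, email FROM users"))


def demo() -> dict:
    """Run the same hostile input through both versions and report the effect."""
    # Constructed hostile 'username' that turns the WHERE clause into a
    # tautology; an unauthenticated request parameter is the usual source.
    hostile_username = "nobody' OR '1'='1"

    vuln = new_db()
    vuln_rows = update_email_vulnerable(vuln, hostile_username, "x@attacker.test")

    safe = new_db()
    safe_rows = update_email_hardened(safe, hostile_username, "x@attacker.test")

    return {
        "vulnerable_rows_changed": vuln_rows,   # every account rewritten
        "hardened_rows_changed": safe_rows,     # no user literally has that name
        "vulnerable_admin_email": emails(vuln)["sysadmin"],
        "hardened_admin_email": emails(safe)["sysadmin"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hardened version is the real fix and has to land in the application itself; cutting HTTP and HTTPS on ports 80 and 443, as Progress advises, only removes the path by which such a payload reaches the endpoint until the vendor patch is applied.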

Progress Software is encouraging MOVEit Transfer customers to take immediate action to help harden their MOVEit Transfer environments, noting that it is "extremely important" that users act as quickly as possible. "As we continue to investigate the issue related to MOVEit Cloud and MOVEit Transfer that we previously reported, an independent source has disclosed a new vulnerability that could be exploited by a bad actor," according to a press statement.

Energy Companies & Universities Targeted

Cyber attacks using the MOVEit Transfer program have so far affected a number of US government agencies, alongside many other companies and organisations. These include Oak Ridge Associated Universities, a not-for-profit research center, and the Waste Isolation Pilot Plant, a contractor which disposes of atomic energy waste; they are now having to deal with stolen information, disrupted systems and, in some cases, ransom demands.

The number of corporate victims exposed to these Progress software vulnerabilities is expected to run into the hundreds. Although there has so far been no indication that threat actors have exploited the new vulnerability, Progress says that it is providing customers with information and advice to help protect themselves and their own customers.
