Progress Software Has Critical Hacking Vulnerabilities

Several US federal government agencies have been hit in a global cyber attack by Russian cyber criminal gang, called ClOP, that is exploiting a vulnerability in widely used Progress software product, according to a top US cyber security agency. Progress has confirmed this vulnerability in MOVEit Transfer, which most probably assists criminal environment access. 

On June 15 the US Cybersecurity & Infrastructure Security Agency (CISA) said that another software product from Progress had been exploited to breach multiple US federal agencies by “unattributed APT actors”, these products are from a Progress subsidiary Telerik, which was a company acquired in 2014.

The release of the advisory detailing the latest vulnerability comes after CISA said that federal agencies were recently hacked by the transfer tool at the hands of the CLOP ransomware gang, which is part of many attacks that are using a number of vulnerabilities in the platform.

The CLOP ransomware group is one of numerous gangs in Eastern Europe and Russia that are almost exclusively focused on extorting their victims for as much money as possible. “Analysts determined that multiple cyber threat actors, including an advanced persistent threat (APT) actor, were able to exploit a .NET deserialisation vulnerability in Progress Telerik user interface (UI) for ASP.NET AJAX, located in the agency’s Microsoft Internet Information Services (IIS) web server... Successful exploitation of this vulnerability allows for remote code execution. According to Progress Software, Telerik UI for ASP.NET AJAX builds before R1 2020 (2020.1.114) are vulnerable to this exploit.” says the CISA statement.

MOVEit Hacked

The same day, Progress confirmed that its widely used MOVEit software had been Hacked. “Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorised access to the environment. If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment,” said Progress in a statement.

If you are a MOVEit Transfer customer, it is extremely important that you take immediate action in order to help protect your MOVEit Transfer environment.  

The best advice provided by Progress is probably to disable all HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443 to safeguard the environments. This should be done while a patch is being prepared to address the vulnerabilities and in case even more of them come to the surface.The issue has been published by Progress, and it is another SQL injection vulnerability that could potentially allow unauthenticated attackers to gain access into MOVEit's database. 

Should attackers present a payload into the MOVEit Transfer application endpoint, they could ultimately modify the database content. 

Progress Software is encouraging MOVEit Transfer customers to take immediate action to help harden their MOVEit Transfer environments, noting that it is "extremely important" that users act as quickly as possible. "As we continue to investigate the issue related to MOVEit Cloud and MOVEit Transfer that we previously reported, an independent source has disclosed a new vulnerability that could be exploited by a bad actor," according to a press statement.

Energy Companies & Universities Targeted

Cyber attacks using the MOVEit Transfer program have currently affected a number of US government agencies, alongside many other companies and organisations. These include Oak Ridge Associated Universities, a not-for-profit research center, and Waste Isolation Pilot Plant, a contractor which disposes of atomic energy waste, who are now having to deal with the loss of stolen information, disrupted systems, and sometimes even the demands of ransom payments.

It is anticipated that the number of corporate victims exposed to these Progress software vulnerabilities could run into the hundreds and, although there haven't been any indications that threat actors have yet exploited the new vulnerability, Progress says that it is communicating with customers with information and advice to help protect themselves and their customers.

Progress:   CISA:     Dark Reading:    CNN:    Malwarebytes:     The Stack:    NCSC:   

You Might Also Read: 

 

Update: BBC, British Airways & Boots In Supply Chain Attack:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« What Is The Cybersecurity Maturity Model Certification (CMMC)?
Why Are Businesses Ignoring Incident Response? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Lynx Software Technologies

Lynx Software Technologies

Lynx provide secure software and operating systems for use in mission critical applications such as aerospace, medical, transportation and IoT.

SERMA Safety & Security (S3)

SERMA Safety & Security (S3)

SERMA Safety & Security provides a comprehensive cybersecurity offering incorporating Expertise, Evaluation, Consultancy and Training, covering hardware, software and information systems.

BSA - The Software Alliance

BSA - The Software Alliance

BSA is the leading advocate for the global software industry before governments and in the international marketplace.

BioCatch

BioCatch

BioCatch uses behavioral biometrics for fraud prevention and detection. Continuous authentication for web and mobile applications to prevent new account fraud.

Sysorex Government Services

Sysorex Government Services

Sysorex Government Services helps customers meet their strategic missions by providing secure, optimized IT solutions that allow them to perform more efficiently and effectively.

FinCom.co

FinCom.co

FinCom.Co is the world’s first automatic AML/ KYC screening system, for comprehensive compliance.

GoCyber

GoCyber

GoCyber is a new, highly innovative cyber security training app that uses action based learning to significantly improve the online behaviour of all employees in less than a month.

Trellix

Trellix

Trellix is an extended detection and response (XDR) solutions provider created from a merger of McAfee Enterprise and FireEye Products.

Intigriti

Intigriti

Intigriti helps companies protect themselves from cybercrime. Our community of ethical hackers provides continuous, realistic security testing to protect our customer’s assets and brand.

Encova Insurance

Encova Insurance

Encova’s cyber liability coverage protects you and your customers in case of a security breach in your company's data.

ArmorPoint

ArmorPoint

ArmorPoint redefines the traditional approach to cybersecurity by combining network operations, security operations, and SIEM technology in one platform.

Cybastion

Cybastion

Cybastion develops robust world-class cybersecurity solutions tailored to suit the needs of different businesses, governments and public sector entities.

SecureWeb3

SecureWeb3

SecureWeb3 helps businesses and brands to secure their Web3 presence by offering a full suite of security services including training, consultancy & brand protection solutions.

Brunswick Group

Brunswick Group

Brunswick is a critical issues firm. We advise the world’s leading companies on how to navigate the critical issues they face and engage with their critical stakeholders.

HYCU

HYCU

HYCU was born of the need to simplify data protection and provide equivalent levels of backup and recovery support across on premises, public cloud, and SaaS workloads.

P3M Works

P3M Works

P3M Works delivers Cyber Security and Digital Transformation projects across both private and public sector clients.