Software maker Progress Software Corp, after disclosing the
vulnerability on Wednesday, said it could lead to potential unauthorized access
into users' systems.
The managed file transfer software made by the Burlington,
Massachusetts-based company allows organizations to transfer files and data
between business partners and customers.
It was not immediately clear which or how many organizations
use the software or were impacted by potential breaches. Chief Information
Officer Ian Pitt declined to share those details but said Progress Software had
made fixes available since it discovered the vulnerability late on May 28.
The software's eponymous cloud-based service had also been
impacted by this, he told Reuters.
"As of now we see no exploit of the cloud
platform," he said.
Cybersecurity firm Rapid7 and Mandiant Consulting - owned by
Alphabet's Google - said they had found a number of cases in which the flaw had
been exploited to steal data.
"Mass exploitation and broad data theft have occurred
over the past few days," Charles Carmakal, chief technology officer of
Mandiant Consulting, said in a statement.
Such "zero-day," or previously unknown,
vulnerabilities in managed file transfer solutions have led to data theft,
leaks, extortion, and victim-shaming in the past, Mandiant said.
"Although Mandiant does not yet know the motivation of
the threat actor, organizations should prepare for potential extortion and
publication of the stolen data," Carmakal said.
Rapid7 said it had noticed an uptick in cases of compromise
linked to the flaw since it was disclosed.
Progress Software has outlined steps users at risk can take
to mitigate the impact of the security vulnerability.
Pitt did not have a comment on who might have been trying to
steal data by exploiting the flaw.
"We have no evidence of it being used to spread
malware," he said.
MOVEit Transfer was used by a relatively "small"
number of customers compared to those of the company's other software products
that number more than 20, he said.
"We have forensics partners on board and we are working
with them to make sure that we have an ever-evolving grasp of the
situation." © Reuters
0 comments:
Post a Comment