CTO Universe

MOVEit, the biggest hack of the year, by the numbers

TechCrunch

AUGUST 25, 2023

The mass-exploitation of MOVEit Transfer software has rapidly cemented itself as the largest hack of the year so far. While the full impact of the attack will likely remain untold for months to come, there are now more than 1,000 known victims of the MOVEit breach, according to cybersecurity company Emsisoft. 11 million In July, U.S.

Government

Government Internet Transportation Research

SEC is investigating MOVEit mass-hack, says Progress Software

TechCrunch

OCTOBER 11, 2023

securities regulators have opened a probe into the MOVEit mass-hack that has exposed the personal data of at least 64 million people, according to the company that made the affected software. In a regulatory filing this week, Progress Software confirmed it had received a subpoena from the U.S.

Software

Software Data Company

The MOVEit mass hacks hold a valuable lesson for the software industry

TechCrunch

AUGUST 11, 2023

The MOVEit mass hacks will likely go down in history as one of the largest and most successful cyberattacks of all time. In a post this week, Clop said that on August 15, it would leak the “secrets and data” of all MOVEit victims that refused to negotiate.

Industry

Industry Hotels Software Energy

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

FAQ for MOVEit Transfer Vulnerabilities and CL0P Ransomware Gang

Tenable

JUNE 16, 2023

Frequently asked questions relating to vulnerabilities in MOVEit Transfer, including one that was exploited by the prolific CL0P ransomware gang. Background The Tenable Security Response Team has put together this blog to answer frequently Asked Questions (FAQ) regarding the MOVEit Transfer vulnerabilities and the CL0P ransomware gang.

Windows

Windows SMB Groups Software

Decade of newborn child registry data stolen in MOVEit mass-hack

TechCrunch

SEPTEMBER 25, 2023

Ontario’s government-funded birth registry has confirmed a data breach affecting some 3.4 million people who sought pregnancy care, including the personal health data of close to two million newborns and children across the Canadian province.

Data

Data Government

CVE-2023-34362: MOVEIt Transfer Critical Zero-Day Vulnerability Exploited in the Wild

Tenable

JUNE 2, 2023

CVE-2023-34362: MOVEIt Transfer Critical Zero-Day Vulnerability Exploited in the Wild Discovery of a new zero-day vulnerability in MOVEit Transfer becomes the second zero-day disclosed in a managed file transfer solution in 2023, with reports suggesting that threat actors have stolen data from a number of organizations.

Technical Review

Technical Review Software Review Systems Review Groups

CCleaner says hackers stole users’ personal data during MOVEit mass-hack

TechCrunch

OCTOBER 27, 2023

The maker of the popular optimization app CCleaner has confirmed hackers stole a trove of personal information about its paid customers following a data breach in May.

Data

Data Software Company

Maine government says data breach affects 1.3 million residents

TechCrunch

NOVEMBER 9, 2023

In a statement published Thursday, the Maine government said hackers exploited a vulnerability in its MOVEit file-transfer system, which stored sensitive data on state residents. The hackers used […] © 2023 TechCrunch. All rights reserved. For personal use only.

Government

Government Data System Software

MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023

TechCrunch

DECEMBER 27, 2023

This year, 2023, was a hell of a year for data breaches, much like the year before it (and the year before that, etc.).

Data

Data Tools Organization

SFTP Gateway is NOT affected by the MOVEit vulnerability – an answer to a frequently asked question

Thorn Tech

JULY 4, 2023

Our support team at Thorn Technologies has been fielding questions about the MOVEit file transfer web application recently, with customers asking whether SFTP Gateway is affected by the recent MOVEit vulnerability.

Applications

Applications Technology

BrandPost: The future of cloud security: Top trends to watch in 2024

InfoWorld

MARCH 14, 2024

We saw multiple high-profile incidents, such as the discovery of a far-reaching zero-day vulnerability in the MOVEit file transfer server application and a rise in attackers targeting cloud credentials for lateral movement. 2023 was an eventful year for cloud security.

Cloud

Cloud Trends Storage DevOps

Protecting against software supply chain attacks

InfoWorld

JANUARY 30, 2024

Last year’s MOVEit and 3CX vulnerabilities offered a stark reminder of the risk software supply chain attacks pose today. Threat actors exploit vulnerabilities to infiltrate a software provider’s network and modify the software’s original functionality with malicious code.

Software

Software Network Applications Data

Apple devices spoofed, Musk eggs on Zuckerberg and Better.com goes public

TechCrunch

AUGUST 19, 2023

Americans’ health records stolen: Millions of Americans had their sensitive medical and health information stolen after hackers exploited a zero-day vulnerability in the widely used MOVEit file transfer software raided systems operated by tech giant IBM.

Technical Review

Technical Review Software Review Systems Review Social

CVE-2023-40044, CVE-2023-42657: Progress Software Patches Multiple Vulnerabilities in WS_FTP Server

Tenable

OCTOBER 2, 2023

Concerns due to exploitation of critical flaw in Progress Software’s MOVEit Transfer In late May, a zero-day vulnerability in Progress Software’s MOVEit Transfer secure managed file transfer (MFT) software was exploited by the CL0P ransomware group and has resulted in the compromise of over 2,000 organizations according to researchers at Emsisoft.

Software Review

Software Review Software Systems Review Authentication

Power of Oracle EPM Integration – Calling External RestAPI for Enhanced Performance

Perficient

JANUARY 11, 2024

Right now, it’s located in a cloud share location, which is managed by a third-party tool called “MoveIT.” ” MoveIT serves as a file-sharing interface through which we can transfer or modify the necessary files. We now download the files from the cloud file share and delete them from MoveIT.

Performance

Performance Cloud Construction Compliance

MOVEit Vulnerabilities: What You Need to Know

Symantec

JUNE 12, 2023

Symantec products guard against exploitation of vulnerabilities that are being actively exploited by cyber-crime actors.

Cybersecurity Snapshot: CISOs Value Prevention Over Response, While CISA Urges Cyber Teams To Prep for Quantum Attacks

Tenable

AUGUST 25, 2023

For the second consecutive month, the surge was driven by the CL0P ransomware gang’s exploitation of vulnerabilities in Progress Software’s MOVEit Transfer product. government crafts plans to boost the security of open source software (OSS), it’s seeking comments from the public on how to best accomplish its goals.

Malware

Malware Artificial Inteligence Open Source Artificial Intelligence

Cybersecurity Snapshot: What’s in Store for 2024 in Cyberland? Check Out Tenable Experts’ Predictions for OT Security, AI, Cloud Security, IAM and more

Tenable

DECEMBER 29, 2023

Targeting of a zero-day vulnerability in MOVEit Transfer – a secure managed file transfer (MFT) software made by Progress Software – was just the beginning. We'll continue to see these groups target zero-days and n-days in order to claim as many victims as possible.

Software Review

Software Review Development Team Review Systems Review Weak Development Team

Cybersecurity Snapshot: As Feds Hunt CL0P Gang, Check Out Tips on Ransomware Response, Secure Cloud Management and Cloud App Data Privacy

Tenable

JUNE 23, 2023

1 – Wanted: Feds offer $10 million reward for CL0P info The CL0P ransomware gang lately has been making hay out of the MOVEit Transfer vulnerabilities, so it's no surprise it's drawn the attention of law enforcement. Dive into six things that are top of mind for the week ending June 23. This week, the U.S. critical infrastructure.

Cloud

Cloud Systems Review Data Disaster Recovery

Cybersecurity Snapshot: SANS Offers Tips for Maximizing Smaller OT Security Budgets

Tenable

OCTOBER 6, 2023

After two record months for ransomware attacks, the fall in attacks in August was to be expected,” Matt Hull, Global Head of Threat Intelligence at NCC Group, said in the report , adding that CL0P’s MOVEit attacks “somewhat inflated” the June and July numbers. To get more details, read the full report.

Budget

Budget Report Survey Open Source

Cybersecurity Snapshot: U.S. Gov’t Unpacks AI Threat to Banks, as NCSC Urges OT Teams to Protect Cloud SCADA Systems

Tenable

MARCH 29, 2024

The alert was prompted by the SQLi vulnerabilities that Progress Software disclosed in its MOVEit Transfer product last year. One of the bugs was exploited in the wild by the CL0P ransomware gang.

Systems Review

Systems Review Weak Development Team Banking System

Building Trust in Public Sector AI Starts with Trusting Your Data

Cloudera

DECEMBER 1, 2023

This summer’s MOVEit data breach has impacted over 2,600 organizations and 70,500,000 people worldwide, including Maximus (11 million), the state of Maine (1.3 First and foremost, security is paramount when it comes to AI in the public sector. million), among others.

Data

Data Government Artificial Intelligence Artificial Inteligence

From Hype to Hope: Key Lessons on AI in Security, Innersource, and the Evolving Threat Landscape

Coveros

FEBRUARY 26, 2024

MoveIT What happened: This widespread attack targeted the MOVEit file transfer software used by numerous organizations. How it happened: A critical vulnerability in the MOVEit software allowed attackers to gain access to servers and deploy ransomware. Known victim organizations crossed the 1,000 milestone.

Software Review

Software Review Technical Review Open Source Weak Development Team

Cybersecurity Snapshot: Critical Infrastructure Orgs Must Beware of China-backed Volt Typhoon, Cyber Agencies Warn

Tenable

FEBRUARY 9, 2024

The dip in 2022 was “an anomaly, not a trend,” which Chainalysis attributes to one-time factors such as many ransomware gangs’ decision to shift their activities to the Russia-Ukraine war; and the FBI’s timely provision of decryption keys to Hive ransomware victims.

Weak Development Team

Weak Development Team Infrastructure Generative AI Artificial Inteligence

CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Vulnerability

Tenable

JANUARY 23, 2024

The Cl0p ransomware group has consistently targeted file transfer solutions as part of their ransomware campaigns over the last three years including several flaws in Accellion’s File Transfer Appliance (FTA) in late 2020/early 2021, CVE-2023-0669 in Fortra’s GoAnywhere MFT in January 2023 and CVE-2023-34362 in Progress Software’s MOVEit Secure MFT (..)

Authentication

Authentication Research Groups Analysis

Cybersecurity Snapshot: Get the Latest on Deepfake Threats, Open Source Risks, AI System Security and Ransomware Gangs

Tenable

SEPTEMBER 15, 2023

For more information about ransomware: “ Ransomware Protection: How to Prevent Ransomware Attacks ” (eSecurity Planet) “ The complete guide to ransomware ” (TechTarget) “ Stop Ransomware Guide” (CISA) “ Ransomware Preparedness: Why Organizations Should Plan for Ransomware Attacks Like Disasters ” (Tenable) VIDEO Anatomy of a Threat: MOVEIt (Tenable) (..)

Open Source

Open Source Systems Review System Software Review

Cloudy with a chance of threats: Advice for mitigating the top cyber threats of 2024

Lacework

FEBRUARY 7, 2024

Additionally, Mandiant observed the financially-motivated threat group FIN11 conducting two significant campaigns that exploited zero-day vulnerabilities in managed file transfer software from Fortra and MOVEit, leading to data theft and extortion operations that impacted hundreds of organizations in the first half of 2023.

Weak Development Team

Weak Development Team Malware Cloud Internet

Cybersecurity Snapshot: Are SBOMs on Your Supply Chain Security Radar Screen? Check Out New Recommendations from CISA and NSA

Tenable

NOVEMBER 17, 2023

For more information about recent ransomware trends and incidents: “ Ransomware Attacks Are on the Rise, Again ” (Wired) “ Healthcare giant McLaren reveals data on 2.2

Artificial Intelligence

Artificial Intelligence Artificial Inteligence Government Storage

August 2023 Patch Tuesday

Ivanti

AUGUST 8, 2023

Coveware’s July 2023 Quarterly Report is tracking the Average Ransom Payment at $740k (+126% from Q1 2023) and attributes this spike to the massive MOVEit campaign executed by CloP impacting over 1000 companies.

.Net

.Net Software Review Malware Trends

Cybersecurity Snapshot: GenAI Drives Broader Use of Artificial Intelligence Tech for Cyber

Tenable

OCTOBER 27, 2023

For more information about recent ransomware incidents and trends, check out these Tenable resources: “ CVE-2023-20269: Zero-Day Vulnerability in Cisco Adaptive Security Appliance and Firepower Threat Defense Reportedly Exploited by Ransomware Groups ” (blog) “ FAQ for MOVEit Transfer Vulnerabilities and CL0P Ransomware Gang ” (blog) “ FBI and CISA (..)

Artificial Inteligence

Artificial Inteligence Artificial Intelligence Technical Review Backup

Cybersecurity Snapshot: DHS Tracks New Ransomware Trends, as Attacks Drive Up Cyber Insurance Claims and Snatch Variant Triggers Alert

Tenable

SEPTEMBER 22, 2023

Other ransomware insights from the report include: The number of ransomware attacks in the U.S.

Insurance

Insurance Trends IoT Software Review

Bad CTOs mean startups have millions of dollars’ worth of cap table dead weight

TechCrunch

AUGUST 18, 2023

Data security is important, as we are reminded when millions of Americans had their health data stolen after MOVEit hackers targeted this little-known company called IBM. Keeping half an eye on what the cybercriminals are up to might help keep their shenanigans front of mind.

Technical Review

Technical Review Media Real Estate Software Review

Tenable Is Named a Leader in Vulnerability Risk Management by Independent Research Firm

Tenable

SEPTEMBER 20, 2023

Since then, organizations have observed the havoc critical unpatched vulnerabilities like Log4Shell and MOVEit can create. They’ve also expanded their technological footprint (from employees’ homes to the cloud) while new types of threats and vulnerabilities continue to emerge.

Research

Research Report Generative AI Programming

Radar Trends to Watch: September 2023

O'Reilly Media - Ideas

SEPTEMBER 5, 2023

A retrospective on this year’s MoveIT attack draws some important conclusions about protecting your assets. PoW is disabled most of the time, but when traffic seems unusually high, it can switch on, forcing users to “prove” their humanness (actually, their willingness to perform work).

Trends

Trends Artificial Inteligence ChatGPT Weak Development Team

Cybersecurity Snapshot: LockBit Gang Gets Knocked Down, as CISA Stresses Security of Water Plants

Tenable

FEBRUARY 23, 2024

government has released a fact sheet with security measures these facilities should take as soon as possible.

Artificial Inteligence

Artificial Inteligence Artificial Intelligence Generative AI ChatGPT

Cybersecurity Snapshot: SEC Wants More Cybersecurity Transparency from Public Companies

Tenable

JULY 28, 2023

5 – NCC Group: Ransomware attacks on the upswing Ransomware attacks spiked in June, climbing a whopping 221% year-on-year, an increase driven in part by the CL0P ransomware gang’s exploitation of vulnerabilities in Progress Software’s MOVEit Transfer product. To get more details, download the report. 14%) and newcomer 8base (9%).

Company

Company Technical Review Artificial Inteligence Systems Review

Cybersecurity Snapshot: As AI Worries Spike, Experts Send Secure AI Advice to the White House, Capitol Hill

Tenable

JUNE 30, 2023

NCSC) VIDEO Anatomy of a Threat: MOVEIt (Tenable) 5 – CSA’s top cloud IAM challenges The Cloud Security Alliance’s Identity and Access Management Working Group has ranked the top 10 challenges in cloud identity and access management.

Security

Security ChatGPT Artificial Intelligence Artificial Inteligence

MOVEit, the biggest hack of the year, by the numbers

SEC is investigating MOVEit mass-hack, says Progress Software

Webinars

Trending Sources

The MOVEit mass hacks hold a valuable lesson for the software industry

Webinars

FAQ for MOVEit Transfer Vulnerabilities and CL0P Ransomware Gang

Decade of newborn child registry data stolen in MOVEit mass-hack

CVE-2023-34362: MOVEIt Transfer Critical Zero-Day Vulnerability Exploited in the Wild

CCleaner says hackers stole users’ personal data during MOVEit mass-hack

Maine government says data breach affects 1.3 million residents

MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023

SFTP Gateway is NOT affected by the MOVEit vulnerability – an answer to a frequently asked question

BrandPost: The future of cloud security: Top trends to watch in 2024

Protecting against software supply chain attacks

Apple devices spoofed, Musk eggs on Zuckerberg and Better.com goes public

CVE-2023-40044, CVE-2023-42657: Progress Software Patches Multiple Vulnerabilities in WS_FTP Server

Power of Oracle EPM Integration – Calling External RestAPI for Enhanced Performance

MOVEit Vulnerabilities: What You Need to Know

Cybersecurity Snapshot: CISOs Value Prevention Over Response, While CISA Urges Cyber Teams To Prep for Quantum Attacks

Cybersecurity Snapshot: What’s in Store for 2024 in Cyberland? Check Out Tenable Experts’ Predictions for OT Security, AI, Cloud Security, IAM and more

Cybersecurity Snapshot: As Feds Hunt CL0P Gang, Check Out Tips on Ransomware Response, Secure Cloud Management and Cloud App Data Privacy

Cybersecurity Snapshot: SANS Offers Tips for Maximizing Smaller OT Security Budgets

Cybersecurity Snapshot: U.S. Gov’t Unpacks AI Threat to Banks, as NCSC Urges OT Teams to Protect Cloud SCADA Systems

Building Trust in Public Sector AI Starts with Trusting Your Data

From Hype to Hope: Key Lessons on AI in Security, Innersource, and the Evolving Threat Landscape

Cybersecurity Snapshot: Critical Infrastructure Orgs Must Beware of China-backed Volt Typhoon, Cyber Agencies Warn

CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Vulnerability

Cybersecurity Snapshot: Get the Latest on Deepfake Threats, Open Source Risks, AI System Security and Ransomware Gangs

Cloudy with a chance of threats: Advice for mitigating the top cyber threats of 2024

Cybersecurity Snapshot: Are SBOMs on Your Supply Chain Security Radar Screen? Check Out New Recommendations from CISA and NSA

August 2023 Patch Tuesday

Cybersecurity Snapshot: GenAI Drives Broader Use of Artificial Intelligence Tech for Cyber

Cybersecurity Snapshot: DHS Tracks New Ransomware Trends, as Attacks Drive Up Cyber Insurance Claims and Snatch Variant Triggers Alert

Bad CTOs mean startups have millions of dollars’ worth of cap table dead weight

Tenable Is Named a Leader in Vulnerability Risk Management by Independent Research Firm

Radar Trends to Watch: September 2023

Cybersecurity Snapshot: LockBit Gang Gets Knocked Down, as CISA Stresses Security of Water Plants

Cybersecurity Snapshot: SEC Wants More Cybersecurity Transparency from Public Companies

Cybersecurity Snapshot: As AI Worries Spike, Experts Send Secure AI Advice to the White House, Capitol Hill

Stay Connected