Remember the MOVEit Transfer? Well, it’s back in the spotlight but not for winning any awards. Thanks to a pesky new vulnerability (CVE-2024-5806), threat actors can bypass authentication and go on a file tampering spree. The flaw sits in the SFTP module, just waiting for bad guys to exploit it like some sort of digital playground. While the company has hit the panic button and rolled out patches, the question remains whether everyone’s patched up or just sitting ducks.
In a plot twist that sounds like a geek’s horror movie, about 2,700 instances of MOVEit Transfer were found exposed online—mostly in the VIP suites of the internet, aka the US, UK, Germany, Canada, and the Netherlands. However, the cameo appearance by malicious actors trying to exploit this new flaw adds an extra chill. Despite the patches being ready to roll, how many have actually applied it is as mysterious as why we still use “password123” as a security password.
Last year, MOVEit wasn’t just moving files but also making headlines with a major breach involving the Cl0p ransomware group that treated itself to data from thousands of organizations. Think of it as the unwanted sequel in the network security movie franchise. This year, with such a critical flaw exposed, it seems like the MOVEit saga might just get another chapter titled, “Oops! We did it again.”
**Hot Take**
Who knew data transmission could be as risky as blindfolded tightrope walking over a digital pit of cyber alligators? MOVEit really needs to move it into a safer cyber practice before it becomes famous for being the ‘leakiest ship on the digital sea’. Here’s to hoping their next update includes less “Oops” and more “Aha” in security enhancements!
Original Article: https://www.techradar.com/pro/security/new-moveit-transfer-security-flaws-have-been-discovered-so-patch-now