Are you a victim of the MOVEit breach?
The MOVEit breach was one of the biggest hacks of 2023, with the Clop ransomware group ransoming thousands of organizations and taking tens of millions of dollars.
What is MOVEit?
MOVEit is secure file transfer software and a service developed by Progress Software, designed to facilitate the secure transfer of sensitive data between organizations and individuals. MOVEit is used by businesses, government organizations, universities and basically any organization that stores and manages its data, allowing them to transfer files and data securely and protect them from unauthorized access or violation.
However, in May 2023, the Clop ransomware group attacked thousands of organizations that were using MOVEit to obtain their data.
How did the MOVEit breach occur?
In May 2023, the notorious ransomware group Clop exploited multiple zero-day vulnerabilities in the MOVEit application.
A zero-day vulnerability is a software security vulnerability that is unknown to the vendor or the public and is exploited by attackers before a fix or patch is available. Zero-day vulnerabilities are especially dangerous because they can be secretly exploited without the vendor's knowledge for a very long time.
Progress Software eventually patched these vulnerabilities, but it was too late. During the time the vulnerability was unknown to the public and vendors, attackers accessed and breached the data of thousands of organizations that used MOVEit to manage and transfer their data.
The Clop ransomware group discovered multiple SQL injection vulnerabilities in the MOVEit application, allowing them to access organizations' databases and download and view data. SQL injection is a vulnerability in which malicious SQL code is inserted into input fields, exploiting weaknesses in database-backed applications. The unauthorized code can manipulate the database, potentially revealing or altering sensitive information.
The discovered SQL injection vulnerabilities are CVE-2023-34362, CVE-2023-35036, and CVE-2023-35708, patched on May 31, 2023, June 9, 2023, and June 15, 2023, respectively. All versions of the MOVEit Transfer application have this vulnerability. When exploited, it allows an unauthenticated attacker to gain access to the contents of an organization's MOVEit Transfer database. This means that an attacker can download, change or even delete the database without any restrictions.
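As an added illustration of the SQL injection mechanism described above (this is not code from MOVEit or from the original article), the following Python example contrasts a query built by string concatenation with a parameterized one. The in-memory SQLite table, its column names and the sample inputs are all constructed for the example.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory database (hypothetical schema and rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE files (owner TEXT, name TEXT)")
    db.executemany(
        "INSERT INTO files VALUES (?, ?)",
        [("alice", "payroll.csv"), ("bob", "contracts.pdf"), ("carol", "patients.xlsx")],
    )
    return db

def list_files_vulnerable(db, owner):
    # The input is pasted into the SQL text, so a quote character in `owner`
    # ends the string literal and the rest is parsed as SQL.
    query = "SELECT name FROM files WHERE owner = '" + owner + "'"
    return sorted(row[0] for row in db.execute(query))

def list_files_safe(db, owner):
    # The `?` placeholder binds `owner` as a value; it is never parsed as SQL.
    query = "SELECT name FROM files WHERE owner = ?"
    return sorted(row[0] for row in db.execute(query, (owner,)))

def compare(owner):
    """Return (vulnerable_result, safe_result) for the same input."""
    db = make_db()
    try:
        return list_files_vulnerable(db, owner), list_files_safe(db, owner)
    finally:
        db.close()

# Constructed inputs: an ordinary owner name and a classic tautology string.
ORDINARY = "alice"
TAUTOLOGY = "nobody' OR '1'='1"

if __name__ == "__main__":
    for value in (ORDINARY, TAUTOLOGY):
        vulnerable, safe = compare(value)
        print(f"{value!r}: concatenated -> {vulnerable}, parameterized -> {safe}")
```

With the ordinary input both functions return the same single file; with the tautology string the concatenated query returns every owner's files while the parameterized query returns nothing.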
Impact of the MOVEit breach
According to Emsisoft's analysis and statistics related to the MOVEit data breach, as of November 9, 2023, 2,659 organizations were affected by the MOVEit breach and more than 67 million people became victims. The affected organizations are primarily based in the United States, Canada, Germany, and the United Kingdom.
Education was the sector hardest hit, with data from many universities stolen by these attackers. Educational institutions affected by this breach include the New York City public school system, Johns Hopkins University, University of Alaska, and Webster University, along with many other prominent universities. Other sectors greatly affected by this breach include the healthcare industry, banking, financial institutions, and businesses.
Some of the famous organizations affected by the MOVEit breach include BBC, Shell, Siemens Energy, Ernst & Young and British Airways.
On September 25, 202, the leading prenatal, infant and child registry service, BORN Ontario, released a statement regarding the MOVEit breach, revealing that they were affected by it. According to their report, the MOVEit vulnerability allowed malicious third-party actors to illegally access and copy personal health information files contained in BORN Ontario records, which were transferred using the secure file transfer software.
In response, BORN Ontario immediately isolated the system, shut down the affected server, and launched an investigation, collaborating with cybersecurity experts to determine the severity and the specific data that had been stolen.
Many of these organizations were attacked not because they used the MOVEit app, but because they worked with third-party vendors that used the MOVEit transfer app, leading to them being breached as well. The same situation happened to other organizations, costing billions of dollars in ransomware payments and other security fixes.
If you have been affected by the MOVEit breach, what should you do next?
If you are still using MOVEit, update to the latest version immediately to prevent your files and data from being stolen by hackers.
Unfortunately, the Internet and the software that uses it are vulnerable to hacking and ransomware attacks, and you must keep yourself and your assets safe by changing your passwords regularly, using anti-virus software, and enabling multi-factor authentication.
But as the MOVEit breach shows, even if you do all that, hackers will constantly find new exploits.