Data Stolen Through Flaw in MOVEit Transfer, Researchers Say (reuters.com)
Reuters reports:
Hackers have stolen data from the systems of a number of users of the popular file transfer tool MOVEit Transfer, U.S. security researchers said on Thursday, one day after the maker of the software disclosed that a security flaw had been discovered. Software maker Progress Software Corp, after disclosing the vulnerability on Wednesday, said it could lead to potential unauthorized access into users' systems.
The managed file transfer software made by the Burlington, Massachusetts-based company allows organizations to transfer files and data between business partners and customers. It was not immediately clear which or how many organizations use the software or were impacted by potential breaches. Chief Information Officer Ian Pitt declined to share those details, but said Progress Software had made fixes available since it discovered the vulnerability late on May 28...
Cybersecurity firm Rapid7 Inc and Mandiant Consulting — owned by Alphabet Inc's Google — said they had found a number of cases in which the flaw had been exploited to steal data. "Mass exploitation and broad data theft has occurred over the past few days," Charles Carmakal, chief technology officer of Mandiant Consulting, said in a statement... "Although Mandiant does not yet know the motivation of the threat actor, organizations should prepare for potential extortion and publication of the stolen data," Carmakal said.
Thanks to long-time Slashdot reader rexx mainframe for sharing the story.
managed file transfer software (Score:1)
Don't know about them, but I just use ftp. FileZilla has always been my favorite
Re: (Score:3, Funny)
Don't know about them, but I just use ftp. FileZilla has always been my favorite
Plus with FTP you never have to worry about flaws in the software, since the protocol itself is completely insecure!
Re:managed file transfer software (Score:5, Informative)
You do know that FTP has had TLS support since...2005:
https://www.rfc-editor.org/rfc... [rfc-editor.org]
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
Yes, and I also know I've hardly seen anyone actually implement it and require its use.
Better (Score:3, Funny)
We always transfer files via torrent sites. It's fast and you also get free backup service. Win!
Re: (Score:2)
Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway.
-- Andrew S. Tanenbaum
What about Globus? (Score:3, Interesting)
The problem is finding the holes (Score:1)
These "cyber security researcher" kids have to eat, too, so you'll just have to wait until someone greases their palms for doing what they like doing best: Find holes in other people's software.
What is this? (Score:3, Informative)
I never heard of it and did a search:
https://www.ipswitch.com/moveit-transfer
From what I gather it is a product you purchase and looks like Windows only. After a painful session on their site, it is Windows only. So I guess another case of "You get what you pay for".
https://docs.ipswitch.com/MOVEit/Transfer2020/ReleaseNotes/en/49301.htm
When you are built on top of crap, you will sink into it too.
Why not stick to standards (Score:3)
Highly Doubtful - likely clickbait (Score:4, Informative)
It is unlikely that the data was stolen. I have (almost) never heard of a case where data was "stolen". Often it is merely copied.
Re: (Score:1)
Re: (Score:2)
Opinions are like assholes -- everyone has one -- including, apparently, this RIAA (whatever the hell that is -- I do not think their opinion is of any relevance).