On May 31, 2023 Progress released a security bulletin about CVE-2023-34362, a vulnerability in MOVEIt Transfer that was being actively exploited. At the time we had a few details about how it was being exploited, but not by whom. 

• Over the next few days it became clear that the Cl0p ransomware group had been testing the vulnerability since July 2021 and decided to deploy it over the Memorial Day weekend. The first victims became known.
• GDPR requires that breach victims notify of Cyber-attacks not later than 72 hours following a breach. The US has yet to adopt similar legislation.
• A second vulnerability was found while new victims were still coming forward. After the first vulnerability was discovered, MOVEit’s owner, Progress Software partnered with third-party cybersecurity experts to conduct further detailed code reviews of the software and found CVE-2023-35036.
• Progress posted a new bulletin about it on June 9, 2023.
• On June 15, 2023, Progress published information about a third critical vulnerability which got listed as CVE2023-35708 on June 16.

This latest vulnerability could lead to escalated privileges and potential unauthorized access to the environment. To download your free copy, just hit the button, but if you would like to join our community, please fill out the form. Thank You.