MyCert issues alert on MOVEit Transfer vulnerability, users and organisations urged to review advisory


Listed among the recommendations in the advisory by Progress are to disable traffic into the MOVEit Transfer environment or system, delete unauthorised files/users accounts and apply updated security patches. — Image by DCStudio on Freepik

The Malaysia Computer Emergency Response Team (MyCert) has issued an advisory on the MOVEit Transfer security flaw, which is being exploited by a ransomware gang to breach a number of companies around the world.

MyCert said in its advisory that threat actors could exploit the vulnerability to take over an affected system, adding that all MOVEIt Transfer versions are susceptible.

“MyCERT urges users and organisations to review the MOVEit Transfer Advisory (released by developer Progress), follow the mitigation steps, apply the necessary updates, and hunt for any malicious activity,” it said in the advisory released on June 15.

Among the recommendations listed in the advisory by Progress are to disable traffic into the MOVEit Transfer environment or system, delete unauthorised files/users accounts, and apply updated security patches.

MOVEit is a file transfer software generally used by corporations to share large files over the Internet.

In Malaysia, insurance companies Prudential Assurance Malaysia and Prudential BSN Takaful confirmed that they have been affected by a MOVEit cybersecurity incident.

The June 14 statement stated a likelihood that “personal agent and customer data” such as name, contact number and partial credit card information is affected due the incident. Investigations are ongoing.

According to TechCrunch, ransomware gang Clop has claimed responsibility for hacking a number of organisations around the world using the MOVEit vulnerability. They posted a victim list on the dark web naming companies like US-based bank 1st Source and UK-based Shell.

Other companies such as BBC and British Airways have also disclosed that their organisations were affected by the MOVEit vulnerability.

In a statement originally released on May 31, Progress reported that a vulnerability discovered in MOVEit Transfer and MOVEiT Cloud “could lead to escalated privileges and potential unauthorised access to the environment”.

Progress said it has alerted customers and released a security patch.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

Four futuristic concepts unveiled at Mobile World Congress 2024
India asks tech firms to seek approval before releasing 'unreliable' AI tools
One viral video got�this�job seeker hundreds of interview requests
Some doorbell cameras sold on Amazon and other online sites have major security flaws, report says
US man uses hidden camera in wall outlet to exploit children, troopers say
Establishment of commission ensures gig workers receive due protection, benefits
Bitcoin bounces beyond $64,000 as records beckon
China’s robotic dog can shoot like a pro. What is the US doing?
TikTok’s users are complaining about a ‘mystery virus’ spreading: Here’s what it really is
Google trims�jobs in trust and safety�while�others�work ‘around the clock’

Others Also Read