June 26, 2024 at 11:21AM
A critical security flaw CVE-2024-5806 impacting Progress Software MOVEit Transfer enables attackers to bypass SFTP authentication, with exploitation attempts already reported. Researchers emphasize risks and urge immediate action, including patching and restricting server access. The flaw affects numerous systems worldwide, making prompt updates essential. CISA also disclosed a recent cybersecurity incident.
From the meeting notes on June 26, 2024, the key takeaways are:
– A critical security flaw impacting Progress Software MOVEit Transfer, tracked as CVE-2024-5806, has been disclosed. Successful exploitation of this vulnerability could allow attackers to bypass SFTP authentication and gain access to MOVEit Transfer and Gateway systems.
– The cybersecurity company watchTowr Labs has published additional technical specifics about CVE-2024-5806, indicating that it could be weaponized to impersonate any user on the server.
– Progress Software has urged customers to take specific steps to mitigate the risk, including blocking public inbound RDP access to MOVEit Transfer server(s) and limiting outbound access to known trusted endpoints from MOVEit Transfer server(s).
– There are around 2,700 MOVEit Transfer instances online, with most of them located in the U.S., the U.K., Germany, the Netherlands, Canada, Switzerland, Australia, France, Ireland, and Denmark.
– It’s essential for users to update to the latest versions of MOVEit Transfer to address the critical security issues.
– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that its Chemical Security Assessment Tool (CSAT) was targeted earlier in January by an unknown threat actor, taking advantage of security flaws in the Ivanti Connect Secure (ICS) appliance. However, the agency found no evidence of data exfiltration.
These takeaways highlight the urgency of addressing the CVE-2024-5806 vulnerability and the importance of updating to the latest versions to mitigate security risks.