Free Video Downloader

Fast and free all in one video downloader

For Example: https://www.youtube.com/watch?v=OLCJYT5y8Bo

1

Copy shareable video URL

2

Paste it into the field

3

Click to download button

Progress, the company behind MOVEit, patches new actively exploited security flaws
October 5, 2023

Progress, the company behind MOVEit, patches new actively exploited security flaws

MediaDownloaderSecurity
Reading Time: 2 minutes

Progress Software, the company behind the recently hacked MOVEit file-transfer software, has released fixes for two more critical-rated vulnerabilities that are being exploited by attackers.

In an advisory published last week, Progress warned of multiple vulnerabilities affecting its enterprise-facing WS_FTP file-transfer software, which the company claims is used by thousands of IT teams worldwide for the ‘reliable and secure transfer of critical data.’

Two of the WS_FTP vulnerabilities were tracked as critical. The first, CVE-2023-40044, which was given a maximum vulnerability severity rating of 10.0, is described as a .NET deserialization flaw that could allow an attacker to execute remote commands on the underlying operating system. The second, tracked as CVE-2023-42657, is a directory traversal vulnerability that could allow an attacker to perform file operations outside the authorized WS_FTP folder path.

It’s not yet known who is behind these attacks or how many WS_FTP customers have been impacted by this exploitation.

John Eddy, a spokesperson for Progress via an outside public relations agency, provided a statement that criticized security researchers for releasing proof-of-concept exploit code for the vulnerability, but declined to name the researchers. Progress said it was ‘not aware of any evidence that these vulnerabilities were being exploited prior to that release.’

Security company Assetnote, which first discovered the WS_FTP vulnerabilities, said that there are 2,900 hosts on the internet that are running WS_FTP and have their webserver exposed. ‘Most of these online assets belong to large enterprises, governments and educational institutions,’ the company said.

Progress Software has released a patch for the vulnerabilities and is urging customers to apply the fixes urgently. Rapid7 has shared indicators of compromise that enterprise defenders can look for to establish whether their organization has been hit.

News of attackers exploiting vulnerabilities in Progress Software’s WS_FTP software comes as the company continues to grapple with the aftermath of mass-attacks exploiting a zero-day flaw in its MOVEit Transfer platform. These attacks, which began on May 27, have been claimed by the Clop ransomware group, and the number of organizations affected has exceeded the 2,100 mark, though the true number of those affected is likely significantly higher.

Updated with comment from Progress.

Reference: https://techcrunch.com/2023/10/02/progress-moveit-ftp-actively-exploited-security-flaws/

Ref: techcrunch

MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG

cyberattackCybersecuritydata breachfile transfersmoveit

Leave a Reply

Your email address will not be published. Required fields are marked *