A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708)

Progress Software has asked customers to update their MOVEit Transfer installations again, to fix a third SQL injection vulnerability (CVE-2023-35708) discovered in the web application in less that a month. Previously, the Cl0p cyber extortion gang exploited CVE-2023-34362 to grab enterprise data, and Huntress researchers discovered CVE-2023-35036 after partnering with Progress to perform a code review of the web app. About CVE-2023-35708 CVE-2023-35708 is a vulnerability that could lead to escalated privileges and unauthorized access. … More →

The post …

application cl0p customers cve cve-2023-34362 cve-2023-35036 cve-2023-35708 cyber cyber extortion data data leak don't miss enterprise enterprise data exploited extortion file sharing fix grab hot stuff huntress injection lists moveit moveit transfer moveit vulnerability organizations progress progress software researchers software sql sql injection the web third transfer update usa victim vulnerability web web application withsecure