all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Noname Public Service Announcement: Moveit attack involving API abuse

Add to bookmarks
June 26, 2023, 5:26 p.m. | Daren Presbitero

Security Boulevard securityboulevard.com




A recent onslaught of attacks targeting the MoveIT application have affected several US Government agencies including Department of Energy (DOE); the Oak Ridge National Laboratory (ORNL) and several State governments such as Minnesota, Missouri, and Illinois. Media coverage of the vulnerabilities (CVE-2023-34362, CVE-2023-35036, and most recently CVE-2023-35708) involving a SQL injection are front and center. However, let’s take a closer look at the second stage of the attack involving a “deserialization” abuse (Note, not exploit) of the MoveIT API (Application …

abuse announcement api api abuse application attack attacks cve cve-2023-34362 cve-2023-35036 cve-2023-35708 department department of energy doe energy government illinois injection media minnesota missouri moveit national national laboratory noname ornl public public service announcement service sql sql injection state targeting vulnerabilities

Visit resource

More from securityboulevard.com / Security Boulevard

RSAC 2024 Innovation Sandbox | Antimatter: A Comprehensive Data Security Management Tool 13 hours ago | securityboulevard.com
antimatter benchmark blog conference +24
USENIX Security ’23 – Beyond Typosquatting: An In-depth Look at Package Confusion 23 hours ago | securityboulevard.com
access authors beyond conference +19
Breaking Down Cybersecurity: The Real Meaning Behind the Jargon 1 day, 4 hours ago | securityboulevard.com
authenticity availability breaking cia +19
What is General Data Protection Regulation Act (GDPR)? 1 day, 5 hours ago | securityboulevard.com
act adoption center challenges +32
RSAC 2024 Innovation Sandbox | Bedrock Security: A Seamless and Efficient Data Security Solution 1 day, 6 hours ago | securityboulevard.com
bedrock bedrock security benchmark blog +20
Cloud Monitor Automation Improves K-12 Cybersecurity Training & Awareness 1 day, 15 hours ago | securityboulevard.com
automation awareness chief cloud +28
USENIX Security ’23 – UVSCAN: Detecting Third-Party Component Usage Violations in IoT Firmware 1 day, 19 hours ago | securityboulevard.com
access authors conference events +15
Local Privilege Escalation Vulnerability in Ant Media Server (CVE-2024-32656) 1 day, 20 hours ago | securityboulevard.com
ant application customers cve +21
Understanding Cybersecurity Vulnerabilities 1 day, 20 hours ago | securityboulevard.com
advice attacks can cybersecurity +12

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Security Officer Hospital Laguna Beach

@ Allied Universal | Laguna Beach, CA, United States
View on infosec-jobs.com

Sr. Cloud DevSecOps Engineer

@ Oracle | NOIDA, UTTAR PRADESH, India
View on infosec-jobs.com

Cloud Operations Security Engineer

@ Elekta | Crawley - Cornerstone
View on infosec-jobs.com

Cybersecurity – Senior Information System Security Manager (ISSM)

@ Boeing | USA - Seal Beach, CA
View on infosec-jobs.com

Engineering -- Tech Risk -- Security Architecture -- VP -- Dallas

@ Goldman Sachs | Dallas, Texas, United States
View on infosec-jobs.com
View more jobs