Noname Public Service Announcement: Moveit attack involving API abuse
Security Boulevard securityboulevard.com
A recent onslaught of attacks targeting the MoveIT application has affected several US Government agencies, including the Department of Energy (DOE) and the Oak Ridge National Laboratory (ORNL), and several state governments such as Minnesota, Missouri, and Illinois. Media coverage of the vulnerabilities (CVE-2023-34362, CVE-2023-35036, and most recently CVE-2023-35708) involving a SQL injection is front and center. However, let’s take a closer look at the second stage of the attack involving a “deserialization” abuse (note: not exploit) of the MoveIT API (Application …