TDECU data breach affects half a million people

The Texas Dow Employees Credit Union TDECU has filed a data breach notification, reporting that the data of 500,474 people has been accessed in an external system breach. TDECU is the largest Houston-area credit union, and the fourth largest in the state of Texas. The credit union was founded by...

TDECU Data Breach: 500,000+ Members Affected by MOVEit Exploit

TDECU reports a data breach affecting over 500,000 members due to a MOVEit vulnerability. Compromised data includes Social…...

Progress MOVEit Transfer < 2023.0.12 / 2023.1 < 2023.1.7 / 2024.0 < 2024.0.3 Privilege Escalation

Improper Authentication vulnerability in Progress MOVEit Transfer SFTP module can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3. Note that Nessus has not tested for these issues but has...

The vulnerability of the SFTP software module for processing and transmitting confidential data in Progress MOVEit Transfer allows a perpetrator to bypass authentication processes and gain increased privileges.

The vulnerability of the SFTP software module for processing and transmitting confidential data in Progress MOVEit Transfer is related to deficiencies in the authentication process. Exploiting this vulnerability can allow attackers to bypass the authentication process and gain increased privilege...

Vulnerability fixed in Progress MOVEit Transfer

Progress has fixed a vulnerability in MOVEit Transfer SFTP A malicious party can exploit the vulnerability to grant themselves elevated privileges, potentially gaining access to files that the malicious party is not initially authorized to access. Progress has released updates to fix the...

CVE-2024-6576

Improper Authentication vulnerability in Progress MOVEit Transfer SFTP module can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3...

CVE-2024-6576

Improper Authentication vulnerability in Progress MOVEit Transfer SFTP module can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3...

CVE-2024-6576 MOVEit Transfer Privilege Escalation Vulnerability

Improper Authentication vulnerability in Progress MOVEit Transfer SFTP module can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3...

CVE-2024-6576

CVE-2024-6576 - Progress MOVEit Transfer (SFTP module) : Affected MOVEit Transfer versions include 2023.0.0–2023.0.11, 2023.1.0–2023.1.6, and 2024.0.0–2024.0.2, with a root cause described as an improper authentication vulnerability that can lead to privilege escalation. Remediation per sources: ...

CVE-2024-6576 MOVEit Transfer Privilege Escalation Vulnerability

Improper Authentication vulnerability in Progress MOVEit Transfer SFTP module can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3...

PT-2024-5295 · Progress · Progress Moveit Transfer

Name of the Vulnerable Software and Affected Versions: Progress MOVEit Transfer versions 2023.0.0 through 2023.0.11 Progress MOVEit Transfer versions 2023.1.0 through 2023.1.6 Progress MOVEit Transfer versions 2024.0.0 through 2024.0.2 Description: The issue is related to improper authentication ...

Progress Software MOVEit Transfer 安全漏洞

Progress Software MOVEit Transfer is a suite of automated file transfer software from Progress Software, USA. The software supports file transfer and provides file transfer activity monitoring. A security vulnerability exists in Progress Software MOVEit Transfer that stems from the presence of an...

Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read

This module exploits CVE-2024-5806, an authentication bypass vulnerability in the MOVEit Transfer SFTP service. The following version are affected: MOVEit Transfer 2023.0.x Fixed in 2023.0.11 MOVEit Transfer 2023.1.x Fixed in 2023.1.6 MOVEit Transfer 2024.0.x Fixed in 2024.0.2 The module can...

Metasploit Weekly Wrap-Up 07/05/2024

I still like to MOVEit MOVEit This week, our very own sfewer-r7 added a new exploit module that leverages an authentication bypass vulnerability in the MOVEit Transfer SFTP service CVE-2024-5806. It is possible to authenticate to the SFTP service as any user as long as a valid username is known a...

Progress MOVEit Transfer 2017 < 9.0.0.201, Ipswitch MOVEit DMZ < 8.2 / 8.2 < 8.2.0.20 / 8.3 < 8.3.0.30 SQL Injection (CVE-2017-6195)

The version of Progress MOVEit Transfer, formerly Ipswitch MOVEit DMZ, installed on the remote host is affected by a pre-authentication blind SQL injection vulnerability as referenced in Progress Community article 000192008. - Ipswitch MOVEit Transfer formerly DMZ allows pre-authentication blind...

A week in security (June 24 &#8211; June 30)

Last week on Malwarebytes Labs: TEMU sued for being "dangerous malware" by Arkansas Attorney General Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more "Poseidon" Mac stealer distributed via Google ads Federal Reserve "breached" data m...

Exploit for SQL Injection in Progress Moveit_Cloud

CVE-2023-34362: MOVEit Transfer Unauthenticated RCE For a ful...

Progress Software Releases Security Bulletin for MOVEit Transfer

Progress Software released a security bulletin to address a vulnerability in MOVEit Transfer. A cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the following bulletin and apply the necessary updates: MOVE...

Critical Vulnerabilities Patched in Progress Software’s MOVEit

...

The vulnerability of the SFTP software module for processing and transmitting confidential data in Progress MOVEit Transfer allows a perpetrator to enhance their privileges.

The vulnerability of the SFTP software module for processing and transmitting confidential data in Progress MOVEit Transfer is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers, operating remotely, to increase their privileges...