
The Censys Research Team published an article yesterday about new auth bypass vulnerabilities affecting MOVEit Transfer and Gateway products, examining the state of exposed services roughly a year on from publication of a different SQL injection vulnerability associated with MOVEit Transfer.


Check out the team’s dashboard exploring exposed MOVEit services over time here and learn more in the article here.

 

The dashboard utilizes this Hosts Search query to identify exposed services: services.software.product: "MOVEit Transfer" and not labels: {tarpit, honeypot, truncated}

 

If you have questions about this research, let us know and we’ll tag in the Censys team!

Good point 


I was reading the Cyentia IRIS Ransomware report today and found this note in the section on top ransomware strains (pages 24-26) somewhat interesting. Pretty wild to see Cl0P’s sprawl, which seems to be associated with their exploitation of MOVEit vulns:

“[...] keep in mind that many factors contribute to the prevalence of ransomware shown here. For example, the dominance of the Cl0P (aka CLOP, TA505) ransomware gang is largely due to its exploitation of the infamous “MOVEit” vulnerability in 2023. Such attacks are far more scalable to a large population than more targeted/bespoke campaigns.”

 

 

