Regulator, insurers and customers all coming for Progress after MOVEit breach


Infosec in brief The fallout from the exploitation of bugs in Progress Software's MOVEit file transfer software continues, with the US Securities and Exchange Commission (SEC) now investigating the matter, and lots of affected parties seeking compensation. 

Progress admitted to the ill winds of litigation blowing its way in a quarterly SEC 10-Q filing. Per the disclosure, it received a subpoena from the SEC on October 2, in which the Commission asked for "various documents and information relating to the MOVEit Vulnerability."

"At this stage, nan SEC investigation is simply a fact-finding inquiry, nan investigation does not mean that Progress aliases anyone other has violated national securities laws," nan exertion vendor explained, adding that it intends to afloat cooperate. 

Progress also admitted it's facing a slew of other litigation – both in the US and in other countries – over the breach, far in excess of the dozen or so cases it was reportedly facing as of July. 

"We are statement to 58 people action lawsuits revenge by individuals who declare to person been impacted by nan exfiltration of information from nan environments of our MOVEit Transfer customers," Progress stated successful nan filing. Those cases were consolidated into a azygous suit successful Massachusetts earlier this month. 

Again, that's not all.

Progress has also received "formal letters" from 23 MOVEit customers who claim the vulnerability has cost them money, and some "have indicated that they intend to seek indemnification." In addition, Progress is facing a subrogation claim from an insurer, which means it's "seeking recovery for all expenses incurred in connection with the MOVEit Vulnerability." 

"We person besides been cooperating pinch respective inquiries from home and overseas information privateness regulators, inquiries from respective authorities attorneys general," and it's besides being investigated by an unnamed national rule enforcement agency. 

A recently discovered exploit in another Progress file transfer app, WS_FTP, merited barely a mention in the SEC filing. Progress wrote only that it had patched the issues and acknowledged active exploitation. 

Critical vulnerabilities of nan week

We start this week's list of the latest critical vulnerabilities and known exploits with Fortinet, which released several security updates – including a pair of critical ones in FortiSIEM, FortiManager and FortiAnalyzer. 

A bunch of FortiSIEM versions are vulnerable to multiple CVSS 9.7-level path traversal vulnerabilities that can lead to privilege escalation, while FortiManager and FortiAnalyzer (multiple versions) are vulnerable to privilege escalation via specially-crafted HTTP requests (CVSS 8.6). Patches are available for both issues.

As for industrial control systems, despite CISA releasing a 19-item notification list, only a few of the issues were serious:

  • CVSS 9.8 – Multiple CVEs: Siemens SCALANCE W1750D WAPs contain a series of vulnerabilities that can allow an attacker to disclose information, deny service and remotely execute code.
  • CVSS 9.8 – CVE-2023-36380: Siemens CP-8031 and CP-8050 master modules store a hard-coded entry in their SSH authorized_keys configuration file, giving anyone holding the matching private key login access to affected devices – those with debug support activated.
  • CVSS 9.8 – Multiple CVEs: Weintek's common gateway interface used by several of its CMT3000-series devices contains vulnerabilities allowing attackers to hijack control flow and bypass authentication. 
  • CVSS 9.1 – CVE-2023-4562: Multiple models of Mitsubishi Electric's MELSEC-F PLCs authenticate improperly, leaving them open to tampering by remote attackers.
  • CVSS 8.0 – CVE-2023-43625: All versions of Siemens's Simcenter Amesim software prior to V2021.1 are vulnerable to a code injection flaw that could let an attacker perform DLL injection and execute arbitrary code. 
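The CP-8031/CP-8050 item above is an instance of a general problem: a key that was never issued by the operator sitting in authorized_keys. The check a practitioner wants is a fleet-wide audit of collected authorized_keys files against a denylist of known-bad fingerprints (and, better, an allowlist of approved ones). The following is an added example written for this article, not code from Siemens, CISA or the article itself; the keys, fingerprints, file content and denylist reason in it are constructed for illustration, and in a real run the fingerprints would come from the vendor advisory and the files from the devices.

```python
"""Audit OpenSSH authorized_keys content for denylisted or unexpected keys.

Added example (not from the article or any vendor). All keys and the sample
file below are constructed; nothing here is a real device key.
"""
import base64
import hashlib
import struct

# Key types that start an entry when no leading options field is present.
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def _first_field(line):
    """Split off the first whitespace-delimited field, honouring double quotes,
    since an options field may contain quoted spaces (command="foo bar")."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            return line[:i], line[i:].lstrip()
    return line, ""


def parse_authorized_keys(text):
    """Return one {options, type, blob, comment} dict per key line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        first, rest = _first_field(line)
        if first.startswith(KEY_TYPE_PREFIXES):
            options, key_type = "", first
        else:
            options = first
            key_type, rest = _first_field(rest)
        parts = rest.split(None, 1)
        entries.append({"options": options, "type": key_type,
                        "blob": parts[0] if parts else "",
                        "comment": parts[1].strip() if len(parts) > 1 else ""})
    return entries


def fingerprint_sha256(blob_b64):
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of sha256(raw blob)."""
    raw = base64.b64decode(blob_b64, validate=True)
    return "SHA256:" + base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")


def blob_key_type(blob_b64):
    """Key type string embedded at the start of the wire-format blob (RFC 4253 string)."""
    raw = base64.b64decode(blob_b64, validate=True)
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n].decode("ascii")


def audit(text, denylist, allowlist=None):
    """Return (kind, fingerprint_or_comment, detail) findings for one file.

    denylist maps fingerprint -> reason. If allowlist (a set of fingerprints)
    is given, every key outside it is reported as 'unexpected'.
    """
    findings = []
    for e in parse_authorized_keys(text):
        try:
            fp = fingerprint_sha256(e["blob"])
            wire_type = blob_key_type(e["blob"])
        except (ValueError, struct.error, UnicodeDecodeError) as exc:
            findings.append(("malformed", e["comment"], str(exc)))
            continue
        if wire_type != e["type"]:  # declared type and blob disagree
            findings.append(("type-mismatch", fp, f"{e['type']} vs {wire_type}"))
        if fp in denylist:
            findings.append(("denylisted", fp, denylist[fp]))
        elif allowlist is not None and fp not in allowlist:
            findings.append(("unexpected", fp, e["comment"]))
    return findings


def make_ed25519_blob(pubkey):
    """Encode 32 raw Ed25519 public-key bytes as an OpenSSH base64 blob (for constructed keys)."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    return base64.b64encode(s(b"ssh-ed25519") + s(pubkey)).decode()


# Constructed keys: neither corresponds to any real device or advisory.
VENDOR_KEY = make_ed25519_blob(bytes(range(32)))
ADMIN_KEY = make_ed25519_blob(bytes(range(32, 64)))

# Constructed authorized_keys content, including an options field with a quoted space.
SAMPLE = f"""# constructed sample
ssh-ed25519 {ADMIN_KEY} ops@jumphost
command="/usr/sbin/debug-shell --trace on",no-pty ssh-ed25519 {VENDOR_KEY} vendor-debug
"""

# Constructed denylist; in practice the fingerprints come from the vendor advisory.
DENYLIST = {fingerprint_sha256(VENDOR_KEY): "vendor debug key shipped in firmware; revoke"}

if __name__ == "__main__":
    for kind, ident, detail in audit(SAMPLE, DENYLIST, allowlist={fingerprint_sha256(ADMIN_KEY)}):
        print(f"{kind:14} {ident} {detail}")
```

Two details matter in practice: the fingerprint is computed over the decoded blob exactly as `ssh-keygen -lf` does, so a denylist can be built from advisory or `ssh-keygen` output without re-encoding; and the type embedded in the blob is compared with the declared type, which catches hand-edited entries that would otherwise be silently ignored or misread by sshd.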

As for newly discovered known exploited vulnerabilities, there's only a couple to report that we didn't cover elsewhere this week. They may not be as severe as the others, but they're still being exploited in the wild, so take care: 

  • CVSS 7.8 – CVE-2023-21608: If users open malicious PDFs in Acrobat Reader versions 22.003.20282 or 20.005.30418 and earlier, they could find themselves affected by a use-after-free vulnerability allowing an attacker to execute arbitrary code.
  • CVSS 6.6 – CVE-2023-20109: Cisco GET VPN is vulnerable to an out-of-bounds write that can allow an attacker to execute code and crash affected devices.

CISA adds new ransomware risk cataloging resources

The US Cybersecurity and Infrastructure Security Agency is expanding its pool of resources for those fighting to prevent ransomware infections, with two new initiatives as part of the agency's Ransomware Vulnerability Warning Pilot program.

The first takes the form of a new column in the Agency's Known Exploited Vulnerabilities catalog that indicates whether an actively exploited weakness is known to be used in ransomware campaigns. 

The change is already live and present on all vulnerabilities in the catalog. The aforementioned Progress software exploits, along with Log4j and other well-known vulnerabilities, are all marked as having been used by ransomware actors. 
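The practical use of the new column is triage: pull the feed, keep the entries that match what you actually run, and put the ransomware-flagged and overdue ones at the top of the queue. What follows is an added example written for this article, not CISA's tooling. It assumes the layout of the public JSON feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json): a top-level "vulnerabilities" list whose entries carry cveID, vendorProject, product, requiredAction, dueDate and the new knownRansomwareCampaignUse field, valued "Known" or "Unknown". The feed excerpt and inventory below are constructed; the CVE IDs are real ones the article refers to, but the dates and flag values are illustrative placeholders and must be taken from the live feed, not from this snippet.

```python
"""Triage a CISA KEV feed by its ransomware flag against an asset inventory.

Added example, not CISA's or the article's code. The feed excerpt and the
inventory are constructed; dates and flag values are illustrative only.
"""
import json
from datetime import date

# Constructed excerpt in the shape of the public KEV JSON feed (values illustrative).
SAMPLE_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "constructed-example",
    "vulnerabilities": [
        {"cveID": "CVE-2023-34362", "vendorProject": "Progress", "product": "MOVEit Transfer",
         "dateAdded": "2023-06-02", "dueDate": "2023-06-23",
         "requiredAction": "Apply updates per vendor instructions.",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
         "dateAdded": "2021-12-10", "dueDate": "2021-12-24",
         "requiredAction": "Apply updates per vendor instructions.",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2023-20109", "vendorProject": "Cisco", "product": "IOS and IOS XE",
         "dateAdded": "2023-10-05", "dueDate": "2023-10-26",
         "requiredAction": "Apply updates per vendor instructions.",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed inventory; vendor/product strings follow the feed's naming so they can be joined.
INVENTORY = [
    {"host": "mft-01.corp.example", "vendor": "Progress", "product": "MOVEit Transfer"},
    {"host": "edge-rtr-03.corp.example", "vendor": "Cisco", "product": "IOS and IOS XE"},
    {"host": "app-09.corp.example", "vendor": "ExampleVendor", "product": "ExampleApp"},
]


def load_feed(text):
    """Return the catalog entries from the feed's JSON text."""
    return json.loads(text)["vulnerabilities"]


def ransomware_flagged(entries):
    """Entries CISA has marked as used in ransomware campaigns."""
    return [e for e in entries if e.get("knownRansomwareCampaignUse") == "Known"]


def match_inventory(entries, inventory):
    """Pair each asset with every catalog entry for the same vendor/product (case-insensitive)."""
    index = {}
    for e in entries:
        index.setdefault((e["vendorProject"].lower(), e["product"].lower()), []).append(e)
    hits = []
    for asset in inventory:
        for e in index.get((asset["vendor"].lower(), asset["product"].lower()), []):
            hits.append((asset["host"], e))
    return hits


def prioritize(feed_text, inventory, today):
    """Rank affected hosts: ransomware-used first, then overdue, then earliest due date."""
    rows = []
    for host, e in match_inventory(load_feed(feed_text), inventory):
        due = date.fromisoformat(e["dueDate"])
        rows.append({
            "host": host,
            "cve": e["cveID"],
            "ransomware": e.get("knownRansomwareCampaignUse") == "Known",
            "dueDate": e["dueDate"],
            "overdue": due < today,
            "action": e["requiredAction"],
        })
    rows.sort(key=lambda r: (not r["ransomware"], not r["overdue"], r["dueDate"]))
    return rows


if __name__ == "__main__":
    for r in prioritize(SAMPLE_FEED, INVENTORY, date.today()):
        flag = "RANSOMWARE" if r["ransomware"] else "          "
        late = "OVERDUE" if r["overdue"] else "       "
        print(f"{flag} {late} {r['cve']:16} {r['host']:28} due {r['dueDate']}  {r['action']}")
```

Against a live feed, replace SAMPLE_FEED with the downloaded file and INVENTORY with an export from your CMDB or scanner. The join is deliberately on CISA's own vendorProject/product strings, because fuzzy product matching is where these pipelines usually go wrong; where your inventory uses different names, maintain an explicit mapping rather than loosening the comparison.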

The second, and arguably the more important one for those trying to harden an environment, is the new list of Misconfigurations and Weaknesses Known to be Used in Ransomware Campaigns. The catalog isn't CVE-based, and is still quite short, listing exposed services like RDP, VNC, SMB and the like, along with the ports those services commonly listen on and that attackers target to exploit misconfigurations.

17k+ WordPress sites hacked to add malware injector last month

Cyber security firm and GoDaddy subsidiary Sucuri said in a recent report that more than 17,000 WordPress websites have been compromised via a cross-site scripting vulnerability in the Composer plugin from premium WordPress theme maker tagDiv. 

Cross-site scripting attacks aren't a new issue for WordPress sites running themes and plugins of questionable origin or supply chain, and this latest one looks like more of the same. 

In this case, tagDiv's Composer plugin is bundled with its Newspaper and Newsmag premium themes; Sucuri said Newspaper is used by over 135,000 paying customers, and Newsmag is in use on another 18,579 sites, though neither figure accounts for pirated copies of the themes, Sucuri noted. 

Injectors like Balada hijack legitimate sites and can be used to run malicious code on them to phish users, hijack credentials and steal PII, among other actions. Sucuri includes infection mitigation steps in its report, starting, critically, with scanning WordPress sites for any malicious code – a tool Sucuri just happens to have handy. ®