Hackers use flaw in popular file transfer tool to steal data, U.S. researchers say

news_image
0
5 просмотров

By Zeba Siddiqui

SAN FRANCISCO (Reuters) - Hackers have stolen data from the systems of a number of users of the popular file transfer tool MOVEit Transfer, U.S. security researchers said on Thursday, one day after the maker of the software disclosed that a security flaw had been discovered.

Software maker Progress Software, after disclosing the vulnerability on Wednesday, said it could lead to potential unauthorized access into users' systems.

The managed file transfer software made by Burlington, Massachusetts-based Progress allows organizations to securely transfer files and data between business partners and customers, and according to the company is used by thousands of organizations.

Google's Mandiant consulting and cybersecurity firm Rapid7 disclosed on Thursday that they had found a number of cases in which the flaw had been exploited to steal user data.

It wasn't immediately clear how many users were impacted, but Mandiant Consulting said it was investigating "several" intrusions linked to the bug.

It was not known when the flaw was discovered by hackers. A Progress Software spokeswoman didn't immediately respond to a request for further comment.

"Mass exploitation and broad data theft has occurred over the past few days," Charles Carmakal, chief technology officer of Mandiant Consulting, said in a statement.

Such "zero-day," or previously unknown, vulnerabilities in managed file transfer solutions have led to data theft, leaks, extortion and victim shaming in the past, according to Mandiant.

"Although Mandiant does not yet know the motivation of the threat actor, organizations should prepare for potential extortion and publication of the stolen data," Carmakal added.

Rapid7 said it had noticed an uptick in cases of compromise linked to the flaw since it was disclosed.

Progress, in a statement on Wednesday, outlined steps users at risk can take to mitigate the impact of the security vulnerability.

(Reporting by Zeba Siddiqui in San Francisco; Editing by)

Поделись своим мнением

 
ООО "Профинансы ИТ решения"
Юридический адрес: 123112, Российская Федерация, г. Москва, Пресненская набережная, д.12, этаж 82, офис 405, помещение 4
ОГРН: 1227700402522
ИНН: 9703096398
КПП: 770301001
Расчётный счет 40702810710001115701
Корреспондентский счет 30101810145250000974
БИК банка 044525974
Банк АО "ТИНЬКОФФ БАНК"
Информация на данном сайте представлена исключительно для ознакомления и самостоятельного анализа инвестором. Не является индивидуальной инвестиционной рекомендацией. Не является рекламой ценных бумаг определенных компаний. Графики стоимости ценных бумаг отражают историческую динамику цены и не могут быть гарантией доходности в будущем. Прошлые результаты инвестиционной деятельности не гарантируют доходность в будущем. Числовые показатели взяты из официальных финансовых отчетов представленных компаний. ООО «ПРОФИНАНСЫ ИТ РЕШЕНИЯ» не несет ответственности за возможные убытки инвестора в случае использования представленной на сайте информации в своей инвестиционной стратегии, покупки и продажи указанных на сайте ценных бумаг.