Dive Brief:
Dive Insight:
Risk analysis firm Kroll is pushing the timeline for the vulnerability back by years, asserting that Clop knew about and was experimenting with ways to exploit one of the vulnerabilities in MOVEit as early as July 2021.
Clop also exploited the vulnerability in MOVEit and stole data before Progress released a patch, effectively making every customer with a database publicly exposed to the internet vulnerable and potentially compromised.
Among the organizations with MOVEit hosts publicly exposed to the internet, 31% are in the financial sector, 16% in healthcare, 9% in IT, and 8% in government and military, according to Censys research released Tuesday.
Nearly one-third of the companies Censys observed have more than 10,000 employees, and more than two-thirds of all MOVEit hosts are based in the U.S.
Some of the latest victims to come forward include the states of Illinois and Missouri, Minnesota’s Department of Education, the U.K.’s communications regulatory agency Ofcom and Extreme Networks.
Mandiant Consulting CTO Charles Carmakal cautioned that Clop wi ..