The widely exploited vulnerability in Progress Software’s MOVEit file transfer service has impacted nearly 200 organizations, according to Brett Callow, threat analyst at Emsisoft.
The scope of damage caused by Clop’s mass exploit of a zero-day vulnerability in MOVEit continues to snowball as third-party vendors expose multiple downstream victims. Progress discovered the zero day over Memorial Day weekend on May 28.
Despite the number of victims so far, experts anticipate more will come forward. “While many organizations have made a disclosure, a significant number have yet to do so,” Callow said via email.
Progress on Wednesday released another update, including security fixes, and said it will consistently release MOVEit product updates every two months going forward.
The company reported nearly $1.5 million in cyber incident and vulnerability response expenses during the second quarter, which ended May 31, and said it expects to incur additional expenses in future quarters.
“We’ve been taking this issue very seriously,” Yogesh Gupta, president and CEO at Progress, said during the company’s June 29 earnings call, according to a Seeking Alpha transcript.
“While working through an issue of this nature, it's important not to speculate broadly or prematurely but rather focus on the task at hand, doing what we can to protect our customers against the ongoing threat of cybercriminals,” Gupta said.
The education sector has been hit particularly hard as many widely used vendors in ..
Support the originator by clicking the read the rest link below.
