"A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software's MOVEit Transfer product. We can confirm that a number of our customers have been impacted by this global issue and we are actively working to support them. Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring. We have also notified the ICO, DPC, and the NCSC in both the UK and Ireland."
Aer Lingus confirmed that it is one of the companies affected by the Zellis breach through the MOVEit compromise. Other big brands affected include Boots, British Airways and the BBC.
Microsoft attributed the hack exploiting the MOVEit zero-day vulnerability to Lace Tempest, a reportedly Russian-speaking cybercrime group known for similar ransomware operations and for running the Clop extortion site.
The Clop team claimed responsibility, saying that it had stolen data from "hundreds of companies" and would begin publishing organizations' stolen data on June 14th if a ransom is not paid.
Progress, the company behind MOVEit Transfer and MOVEit services, stated: "We have discovered a vulnerability in MOVEit Transfer and MOVEit Cloud that could lead to escalated privileges and potential unauthorized access to the environment. If you are a MOVEit Transfer customer, it is extremely important that you take immediate action in order to help protect your environment. At Progress, security is always a top priority and we have taken actions to mitigate the issue. We do, however, recommend that customers conduct their own due diligence."