October 2, 2023

Data of Dublin Airport employees were compromised after professional service provider Aon fell victim to a MOVEit Transfer attack. Dublin Airport notified local authorities and Ireland’s Data Protection Commission.

Aon is the victim of the attacks exploiting the flaw CVE-2023-34362, affecting Progress Software’s MOVEit file transfer platform.

DAA announced that it is assisting the impacted employees, Aon has yet to publish a public statement about the security breach.

Advertisements

MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads. The vulnerability is a SQL injection vulnerability. It can be exploited by an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database.

The Clop ransomware group claimes the responsibility of exploiting MOVEit Transfer vulnerability.

The list of victims of ransomware attacks exploiting the MOVEit Transfer zero-day includes the U.S. Department of Energy, British Airways, Boots, the BBC, Aer Lingus, Ofcom, Shell, University of Rochester, Schneider Electric, Siemens Energy, and Gen Digital.

Recently the US State Department offered a $10 million reward for any information which would link members of the Cl0p ransomware gang to a foreign government.

Tags:

Leave a Reply

You may have missed

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – September, 2023

October 2, 2023

TheCyberThrone Security Week In Review – September 30, 2023

October 1, 2023

Mozilla fixes CVE-2023-5217 Vulnerability in its Products

September 30, 2023

CISA KEV Update Part III – September 2023

September 30, 2023

Exim Mail Transfer Server Vulnerabilities

September 30, 2023
%d bloggers like this: