CVEs, MOVEit, Cl0p, Ransomware. Cybercriminals.

Sphere with 0s and 1s

If you know where to look, you’ve seen it unfold.

BleepingComputer reported it at the very beginning of June. 2 weeks ago.

MOVEit’s software vulnerability. Then vulnerabilities. Plural.

Leading to a whole lot of stolen private, identifying data.

MOVEit CVEs are amassing. To us in the general public, think of CVEs as forensic listings of vulnerabilities in software – details about them, when they were discovered, and what versions of the software they affect.

Specifically:

CVE-2023-34362 – added June 2nd. It’s a way into the MOVEit software by exploiting commands intended for the software’s database to instead provide control to the attackers to send their own commands (like, hey, get me your data). The type of attack is called SQL Injection.

CVE-2023-35036 – added June 11th. A related (but different) vulnerability with the same impact – control over information stored in the database.

CVE-2023-35708 – added June 16th. Same type of vulnerability.

CNN released a story about this on June 15th because of US federal (and state) government impact of cybercriminals using these vulnerabilities to get into computer systems. Called it exclusive. Follow-up stories on June 16th don’t show on CNN today.

Because now – somehow – that’s old news. (We need to know about Pete Davidson’s driving bad decisions and antics instead as one of June 17th’s top stories.)

Here’s an overview of the breadth of impact, and it’ll grow:

💻US Federal Government
💻State of Louisiana
💻State of Oregon
💻BBC
💻British Airways
💻University of Georgia
💻State of Minnesota
💻State of Illinois
💻State of Missouri
💻Johns Hopkins Medical Center
💻The Boston Globe
💻Aon
💻Shell Global
💻Oak Ridge Associated Universities
💻Waste Isolation Pilot Plant
💻Walgreen’s
💻Nova Scotia

I’m missing some, many.

Maybe the emojis should have all been people. What’s stolen is their identifying data. To be sold to other cybercriminals (and probably kept).

Are you in this list?

Cl0p – the cybercriminals – might be in the running for Time’s Person of the Year.

Or maybe it’s the 0s and 1s that identify you. Your SSN. Your name and address.

#cybersecurity#pii#cyberhygiene#zeroday#sqlinjection#moveit

Related Posts

subdomain hijacking

Subdomain Hijacking and Trust

Cybersecurity /

What if https://www.something.com was the most trusted website in the world. What would you think of… heather.something.combuymystuff.something.com The heather.something and buymystuff.com are subdomains. Large companies often have a lot of subdomains mapped to various IP addresses via DNS. What does this mean? It means they may not have a good handle of all of…

Read More »

Scroll to Top