As promised, here's a pic of the Poc for CVE-2023-35036 (Progress MOVEit Transfer). As soon as I can get RCE, I'll upload the final PoC to github. Any ideas/suggestions are welcomed!

I don't like to MoveIT MoveIT - disable the HTTP/S people there's a new vuln!

community.progress.com/s/article/MOVE…

#MoveIT #NewVulnerability #RCE #HTTPS

#MOVEit update - I used Shodan to pull a list of possible orgs/domains which appeared to be utilizing MOVEit. Lists are broken down by several different discovery methods.
github.com/kenbuckler/MOV…
#cybersec urity #security #cybersec

😍

A new sit stand desk will revolutionize the way you work! Available in several different sizes, styles and finishes. Click and have it shipped direct to your door!

Users of #MOVEit software are being attacked through publicly disclosed vulnerabilities. The FBI urges users to follow recommended mitigations to protect against exploitation. If you are victimized, report to IC3.gov and include #MOVEit . cisa.gov/news-events/al…

Scoop: Several US federal agencies hacked via #MOVEit cnn.com/2023/06/15/pol…

Real

Meow Meow.
miahcombat.com/collection/pew…
#cats

Repository with the impact of #MOVEit #CVE202334362

github.com/kenbuckler/MOV…

twitter.com/CaffSec/status…

Airin's walk! #4-5
Arrive at Hanazono Shrine！

花園神社に着きました！

#streamer #streamer girl #twitch irl #twitch girls #japangirl #japantravel #twitch #model

常春 コレわかるの何歳世代なんだろう

Me with coke zero

cl0p ransomware gang looks to have actually listed file downloads for the Shell oil company.

None of the other named victims have downloads. #MOVEit

NortonLifeLock has confirmed to BleepingComputer they were impacted by Clop's MOVEit Transfer attacks.

Only employee data was impacted, and they have been notified.

Statement below.

It's almost like exposing 'enterprise' http-based file transfer and management services to the broader internet was a bad idea.

- MOVEit
- GoAnywhere
- Kaseya
- Solarwinds
- Veeam
- Accellion
- PaperCut

Do we not have allowlists anymore? *le sigh*

I'm going to go cry now.

#MOVEit 1/2

Updated list - Ofcom announced:
bbc.co.uk/news/technolog…

Now 3 known declared, of the ~45 known big UK orgs running MOVEit.

Does anyone have a reliable and updated estimate of the number of victims globally in the #MOVEit /Clop hack?

I'm not going to call out which org on the Ransomware Task Force got bit by MOVEit, but you can look at the membership list and compare to the names that have been publicly reported.
Just as a reminder, the RTF came out against ransomware payment restrictions anytime soon:

One of the impacted orgs with this vuln is in the Ransomware Task Force.

Fofa Dork: app='Progress-MOVEit'
Shodan Dork: title:'BridgeFi'
Quake Dork: title:'BridgeFi'
ZoomEye Dork: title:'BridgeFi'
github.com/horizon3ai/CVE…
#CVE -2023-34362 #0day #1day #nday #MOVEit #Fofa #Shodan #Quake #ZoomEye

CVE-2023-34362, affecting MOVEit Transfer, enables unauth RCE through a series of issues:
🔺 Custom Header abuse to SSRF
🔺 SQL injection
🔺 Forging External Trusted IdP Tokens
🔺 .NET Deserialization to RCE

Check out our latest post by James Horseman and Zach Hanley…

Yeah i was so scared 😟

Rapid7 has released a full exploit chain for #MOVEit Transfer CVE-2023-34362. The write-up we've published in AttackerKB contains more than 30 pages of analysis and code — huge shout-out to Ron Bowes, Stephen Fewer, and Curt Fielding for their work on this. attackerkb.com/topics/mXmV0Yp…

タガメ＠沼の底から イスラム教徒「たまには食うよ」
ノンケ「たまには同性でも」
小泉「たまには日頃やらない事をやります」
・・ないない