【】

Another day, another newly discovered exploit. But this vulnerability has the potential to be a really big problem.

This week, Progress Software announcedthat it had discovered two new items for the common vulnerabilities and exposures (CVE) list of the enterprise product MOVEit Transfer, a popular way for businesses to securely transfer and exchange sensitive files and data. 

SEE ALSO:Two MIT students charged for exploiting Ethereum blockchain bug, stole $25 million in crypto

This most recent MOVEit vulnerability, known as CVE-2024-5806, allows hackers to bypass authentication protocols and access the potentially sensitive information being transferred.

Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter.By signing up you agree to our Terms of Use and Privacy Policy.Thanks for signing up!

While many readers may not be familiar with Progress Software or MOVEit, this vulnerability could result in serious consequences. As Ars Technicapoints out, a MOVEit vulnerability affectedmillions of people last year. Thousands of organizations, including the US Department of Energy and Shell, were compromised. The 2023 exploit's effects on the Canadian province of Ontario’s government birth registry alone left 3.4 million people compromised.

Currently, MOVEit is installed on as many as 2,700 networks globally. Bad actors, such as at least one ransomware gang, have already made attemptsto exploit this most recent vulnerability, according to cybersecurity researchers with The Shadowserver Foundation and the security firm Censys.

---

Related Stories

---

• Crypto scam victims are being scammed double by fake law firms, FBI warns
• Fake Elon Musk livestreams promoting crypto scams keep popping up on YouTube
• What not to buy on Prime Day, from third-party scams to Ring cams

Progress Software has since released a patch to close the exploit, which can be found here.

TopicsCybersecurity