1 article
Progress Software has disclosed a critical authentication bypass vulnerability in MOVEit Automation, the workflow automation component of the MOVEit managed file transfer platform. Given MOVEit's history as the most mass-exploited enterprise application of 2023 (Cl0p ransomware, 2,700+ organisations), any new critical vulnerability requires emergency patching. Organisations should apply the patch and review automation workflow configurations before exploitation begins.
MOVEit's latest critical vulnerability is not a surprise — it is the latest instalment in an unending series. The industry keeps treating each managed file transfer vulnerability as an exceptional event requiring exceptional response, when the correct model is to treat MFT platforms as inherently hostile internet-facing infrastructure requiring architectural controls that assume compromise is inevitable.
CipherWatch Editorial
Security Intelligence Platform