A zero-day story. If you use or used MOVEit then you need to read this.

MOVEit is (was) a very popular software package used by many to “securely” share files both internally and between organisations. But it has a security flaw which was exploited by the Clop ransomware gang before Progress Software, the owners of MOVEit knew there was a problem – but by then a lot of sensitive information had been stolen. A classic zero-day attack.

Here is an excellent article by Lily Hay Newman and Matt Burgess on Wired UK, looking at the data breach and the ongoing implications for information shared along the supply chain:

The Biggest Hack of 2023 Keeps Getting Bigger | WIRED UK

zero-day threat

We had no clients who were using MOVEit but I have had similar conversations with clients about the potential leak of sensitive information when it has to be shared and have helped them reach solutions that have help keep that data secure. Sorry but the answers are only for clients.

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading