CISA urges organizations to patch MOVEit after 3 new vulnerabilities found

The Cybersecurity and Infrastructure Security Agency on Friday announced that Progress Software, the company that develops the popular file-transfer software MOVEit, released patches for three newly discovered vulnerabilities.

“A cyber threat actor could exploit some of these vulnerabilities to obtain sensitive information. CISA encourages users to review Progress Software’s MOVEit Transfer article and apply product updates as applicable for security improvements,” CISA’s alert reads.

Progress Software has published security updates for six vulnerabilities for MOVEit since May, when it was discovered that the CL0P ransomware gang had stolen data from hundreds of entities globally, including government agencies, the National Student Clearinghouse and the Teachers Insurance and Annuity Association of America.

Universities have also reported MOVEit breaches linked to both the Clearinghouse and TIAA, The Record reported last week.