{"id":32126,"date":"2023-10-27T06:56:53","date_gmt":"2023-10-27T04:56:53","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=32126"},"modified":"2023-10-27T06:56:53","modified_gmt":"2023-10-27T04:56:53","slug":"piriform-ccleaner-victim-of-moveit-transfer-vulnerability","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2023\/10\/27\/piriform-ccleaner-victim-of-moveit-transfer-vulnerability\/","title":{"rendered":"Piriform CCleaner victim of MOVEit transfer vulnerability"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2023\/10\/26\/moveit-schwachstelle-ccleaner-nutzer-auch-betroffen-deutsche-bank-und-ing-lassen-datenleck-prfen\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]The vulnerability in Progress Software's Managed File Transfer (MFT) solution MOVEit, which was disclosed in May 2023, has also affected CCleaner customers of the vendor Priform (bought by AVAST and owned by Gen Digital). Piriform has just admitted to a data leak due to the MOVEit vulnerability.<\/p>\n<p><!--more--><\/p>\n<h2>Piriform CCleaner-Kundendaten erbeutet<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg05.met.vgwort.de\/na\/f28eb9cc34604280a6231e9be2138e18\" alt=\"\" width=\"1\" height=\"1\" \/>Pirifom, the provider of the \"cleaning\" software CCleaner, has gone public with a statement disclosing that customer data was leaked via the MOVEit vulnerability. Troy Hunt referred to this statement in the following tweet.<\/p>\n<p><a href=\"https:\/\/twitter.com\/troyhunt\/status\/1717291454341750929\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"Piriform CCleaner victim of MOVEit vulnerability\" src=\"https:\/\/i.postimg.cc\/zGFnXx5P\/image.png\" alt=\"Piriform CCleaner victim of MOVEit vulnerability\" \/><\/a><\/p>\n<p>There is an admission that customer data of CCleaner users, such as name, contact information and information about the purchased product, was siphoned off via the MOVEit vulnerability. Piriform stresses that no banking or account login information was leaked. From CCleaner, affected customers are being offered a six-month free subscription to the Breachguard security tool. This is to enable monitoring for suspicious activity related to the stolen data.<\/p>\n<h2>What is MOVEit?<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg07.met.vgwort.de\/na\/8759f62085ca4e219c256cdde039d1bd\" alt=\"\" width=\"1\" height=\"1\" \/><a href=\"https:\/\/www.ipswitch.com\/moveit\" target=\"_blank\" rel=\"noopener\">MOVEit<\/a>\u00a0is a Managed File Transfer (MFT) software that enables transfer of files between different computers. The software is developed by Ipswitch, a subsidiary of the US company Progress Software Corporation. MOVEit is often used in companies to exchange files between customers or business partners via the Internet. Uploads are supported via the SFTP, SCP and HTTP protocols to transfer the files securely.<\/p>\n<h2>The vulnerability CVE-2023-34362<\/h2>\n<p>MOVEit vulnerability CVE-2023-34362 became known at the end of May 2023 (see <a href=\"https:\/\/borncity.com\/win\/2023\/06\/02\/warning-moveit-vulnerability-is-abused-in-attacks-data-extradicted\/\" rel=\"bookmark\">Warning: MOVEit vulnerability is abused in attacks, data extradicted<\/a>), and it turned out that this vulnerability was specifically exploited by the Lace Tempest\/Clop ransomware gang (suspected as early as 2021) (see <a href=\"https:\/\/borncity.com\/win\/2023\/06\/05\/lace-tempest-clop-ransomware-gang-exploits-moveit-vulnerability-cve-2023-34362\/\" rel=\"bookmark\">Lace Tempest\/Clop ransomware gang exploits MOVEit vulnerability CVE-2023-34362<\/a>).<\/p>\n<p>Since then it became known, that several hundreds of thousands of victims were extorted by Clop, because they stole sensitive (user) data from the victims. Clop threatened to publish and posted the data of many victims on their websites.<\/p>\n<p><strong>Similar articles:<br \/>\n<\/strong><a href=\"https:\/\/borncity.com\/win\/2023\/06\/02\/warning-moveit-vulnerability-is-abused-in-attacks-data-extradicted\/\" rel=\"bookmark\">Warning: MOVEit vulnerability is abused in attacks, data extradicted<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/06\/05\/lace-tempest-clop-ransomware-gang-exploits-moveit-vulnerability-cve-2023-34362\/\" rel=\"bookmark\">Lace Tempest\/Clop ransomware gang exploits MOVEit vulnerability CVE-2023-34362<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/06\/10\/moveit-transfer-new-vulnerability-patch-urgently\/\" rel=\"bookmark\">MOVEit Transfer: New vulnerability; patch urgently!<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/07\/08\/moveit-transfer-new-security-advisory-and-update-july-6-2023\/\" rel=\"bookmark\">MOVEit Transfer: New security advisory and update (July 6, 2023)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/07\/11\/data-leak-at-german-postbank-and-deutsche-bank-blame-moveit\/\" rel=\"bookmark\">Data leak at German Postbank and Deutsche Bank (blame MOVEit?)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/09\/29\/moveit-vendor-progress-software-reports-serious-vulnerabilities-in-ws_ftp-server\/\" rel=\"bookmark\">MoveIT vendor Progress Software reports serious vulnerabilities in WS_FTP Server<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]The vulnerability in Progress Software's Managed File Transfer (MFT) solution MOVEit, which was disclosed in May 2023, has also affected CCleaner customers of the vendor Priform (bought by AVAST and owned by Gen Digital). Piriform has just admitted to a &hellip; <a href=\"https:\/\/borncity.com\/win\/2023\/10\/27\/piriform-ccleaner-victim-of-moveit-transfer-vulnerability\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[69],"class_list":["post-32126","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/32126","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=32126"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/32126\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=32126"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=32126"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=32126"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}