New Critical Vulnerability in MOVEit Software Exposes Sensitive Data
Hackers are actively exploiting a severe flaw in MOVEit Transfer, putting numerous organizations at risk of data breaches.
- The vulnerability, CVE-2024-5806, allows attackers to bypass authentication in the MOVEit SFTP module.
- Researchers have identified at least two attack scenarios, including one that uses a null string as an encryption key.
- Proof-of-concept exploit code is already publicly available, increasing the urgency for immediate patching.
- Approximately 2,700 instances of MOVEit Transfer are currently exposed on the internet, with most located in the US.
- A separate third-party vulnerability affecting MOVEit Transfer increases the risk if left unpatched.