WASHINGTON—The Cybersecurity and Infrastructure Security Agency (CISA) has issued the Progress Software Releases Security Advisory for MOVEit Transfer, a Cybersecurity Alert addressing a critical vulnerability that affects the MOVEit Transfer web application.
This vulnerability is known as CVE-2023-34362.
MOVEit Transfer is a managed file transfer application used throughout the financial sector to securely transfer large volumes of sensitive data between systems. According to CISA, there exist indications of active exploitation of this vulnerability with resulting evidence of data exfiltration. All versions of MOVEit Transfer are affected, making it essential for credit unions to take appropriate action, the agency said.
To address this issue, CISA is advising credit unions and other organizations to review MOVEit Transfer Critical Vulnerability Alert and apply the recommended remediation measures. Credit unions should prioritize applying necessary updates and actively searching for any signs of malicious activity.
What to Do
CISA said if a credit union uncovers an incident, it should:
- Report the incident to CISA through its 24/7 Operations Center at report@cisa.gov or by calling 888-282-0870
- Evaluate whether data has been compromised — if a credit union suspects data has been compromised, it should report the incident to the local FBI Field Office
- Report the incident to its respective regulatory authority — either the State Supervisory Authority or the NCUA
It’s Called Fresh for a Reason. And We Offer Home Delivery. For Free!
The biggest, best and freshest news reporting in credit unions remains free in ’23! Each morning CUToday.info delivers its daily Fresh Today news update offering the latest headlines and breaking news right to your email, with the easy-to-read headlines format allowing you to click on the stories that interest you most in order to learn more.
If you haven’t yet signed up for the new email solution on which CUToday.info has partnered with ResponseGenius, you can do so here. Signing up requires less than one minute of your time—and it’s free!
Please note that after signing up you may need to go to your Spam/Junk folder and mark the morning headlines email as safe. CUToday.info does not provide its list of readers and emails to outside parties, and we will not be contacting you to sell you an extended warranty or sending you any links so you may cash in on an inheritance you didn’t know was coming.
And did we mention it’s free?
Please note and/or make your IT department or email administrator aware the emails will be coming from the domains CUTodayinfo.com and CUTodayinfoReply.com