ALEXANDRIA, Va.–NCUA is urging credit unions to pay attention to pay attention to pay attention to a Cybersecurity Alert from the Cybersecurity and Infrastructure Security Agency (CISA, which has issued a Progress Software Releases Security Advisory for MOVEit Transfer, regarding a critical vulnerability that affects the MOVEit Transfer web application.
The vulnerability is known as CVE-2023-34362.
“MOVEit Transfer is a managed file transfer application used throughout the financial sector to securely transfer large volumes of sensitive data between systems,” the agency said. “There exist indications of active exploitation of this vulnerability with resulting evidence of data exfiltration. All versions of MOVEit Transfer are affected, making it essential for credit unions to take appropriate action.”
To address this issue, NCUA noted CISA is advising credit unions to review the MOVEit Transfer Critical Vulnerability Alert and apply the recommended remediation measures. Credit unions should prioritize applying necessary updates and actively searching for any signs of malicious activity.
How to Respond to Incidents
INCUA said if a credit union uncovers an incident, it should:
- Report the incident to CISA through its 24/7 Operations Center at report@cisa.gov or by calling 888.282.0870.
- Evaluate whether data has been compromised — if a credit union suspects data has been compromised, it should report the incident to the local FBI Field Office.
- Report the incident to its respective regulatory authority — either the State Supervisory Authority or the NCUA.
NCUA added that “prudent credit unions have effective procedures for monitoring, sharing, and responding to threat and vulnerability information.”