
Just out of curiosity..
.. which OS were they all using?
Yeah, thought so. Let's not talk about it, shall we, because we wouldn't want to actually solve the problem now, would we?
Accounting giant Deloitte, pizza and birthday party chain Chuck E. Cheese, government contractor Maximus, and the Hallmark Channel are among the latest victims that the Russian ransomware crew Clop claims to have compromised via the MOVEit vulnerability. Deloitte confirmed an intrusion but declined to answer The Register's …
Standard operating procedure
Had the same issue. Customer lost funds supposedly via pilfered online banking login.
Requested a log of time, date, and IP address. I know it is available, worked at a bank at one time.
End point, bank refunded the 1.4mil and gave no answer.
> Why is this stuff internet accessible?
It was a cheap hacked together solution done by some final year computer student and used HTTP for certain control functions.
> SQL injections and private databases facing the internet?
The kid shoulda used stored procedures and disabled all webable anything. And assume the app would be hit with all known attacks. They did try and hack their own app, didn't they?
They do make a good video: MOVEit secure managed file transfer
If the modem was locked down then this might not have happened. But then again they appear to be using a browser at the client end. They should strip out everything apart from the GUI and replace it with SFTP and use peer-to-peer file transfer so as nothing is stored on the mothership. Apart from a token file transfer recent.