image credit: Pxhere

MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362)

The zero-day vulnerability attackers have exploited to compromise vulnerable Progress Software’s MOVEit Transfer installations finally has an identification number: CVE-2023-34362.

Based on information shared by Mandiant, Rapid7 and other security researchers, the attackers seem to have opportunistically targeted as many exposed organizations as possible, including US government agencies and banks.

Microsoft is attributing the initial attacks to the Cl0p ransomware group (aka FIN11, or Lace Tempest – according to its new threat actor taxonomy).

Read More on Help Net Security