https://community.isc2.org/t5/Industry-News/U-S-Federal-Agencies-Schools-Hospitals-Impacted-by-Global/m-p/60054#M6206 <P><SPAN>Several U.S. federal agencies were hit in a global hacking campaign that exploited a vulnerability in a widely used file-transfer software.</SPAN></P> <P>&nbsp;</P> <P><A href="https://www.reuters.com/world/us/us-government-agencies-hit-global-cyber-attack-cnn-2023-06-15/" target="_blank">https://www.reuters.com/world/us/us-government-agencies-hit-global-cyber-attack-cnn-2023-06-15/</A>&nbsp;</P> Fri, 16 Jun 2023 13:18:28 GMT AndreaMoore 2023-06-16T13:18:28Z https://community.isc2.org/t5/Industry-News/U-S-Federal-Agencies-Schools-Hospitals-Impacted-by-Global/m-p/60054#M6206 <P><SPAN>Several U.S. federal agencies were hit in a global hacking campaign that exploited a vulnerability in a widely used file-transfer software.</SPAN></P> <P>&nbsp;</P> <P><A href="https://www.reuters.com/world/us/us-government-agencies-hit-global-cyber-attack-cnn-2023-06-15/" target="_blank">https://www.reuters.com/world/us/us-government-agencies-hit-global-cyber-attack-cnn-2023-06-15/</A>&nbsp;</P> Fri, 16 Jun 2023 13:18:28 GMT https://community.isc2.org/t5/Industry-News/U-S-Federal-Agencies-Schools-Hospitals-Impacted-by-Global/m-p/60054#M6206 AndreaMoore 2023-06-16T13:18:28Z https://community.isc2.org/t5/Industry-News/U-S-Federal-Agencies-Schools-Hospitals-Impacted-by-Global/m-p/60066#M6207 <P>For anyone using the MOVEit transfer system although there is no CVE for it, here is some additional information on the hack does and systems potentially affected by it.</P><P>&nbsp;</P><P><A href="https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023" target="_blank">https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023</A></P><P>&nbsp;</P><P>d</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 16 Jun 2023 19:10:29 GMT https://community.isc2.org/t5/Industry-News/U-S-Federal-Agencies-Schools-Hospitals-Impacted-by-Global/m-p/60066#M6207 dcontesti 2023-06-16T19:10:29Z https://community.isc2.org/t5/Industry-News/U-S-Federal-Agencies-Schools-Hospitals-Impacted-by-Global/m-p/60069#M6208 <P><A href="https://nvd.nist.gov/vuln/detail/CVE-2023-35708" target="_blank">CVE-2023-35708</A>&nbsp;has now been assigned, but is still awaiting CVSS score.&nbsp; Vendor response is "install the just released patch".</P><P>&nbsp;</P><P>Remotely accessible SQL injection attack with risk of data exposure, data loss and privilege escalation. I am anticipating CVSS to be fairly high.&nbsp; &nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 16 Jun 2023 22:26:34 GMT https://community.isc2.org/t5/Industry-News/U-S-Federal-Agencies-Schools-Hospitals-Impacted-by-Global/m-p/60069#M6208 denbesten 2023-06-16T22:26:34Z