So the other day I received the announcement from Sophos that they had released their “next generation” firewall appliance, which would be providing the way forward for current 9.x users. Sophos did mention they are keeping both code branches and that development would continue on 9.x; however, the writing is on the wall that the XG product will be the software in times to come.

Sophos offers a 30-day free trial, which is what I am using to play around with the software and get a feel for the completely rewritten interface. Also, I am excited that Sophos announced there is still a Sophos XG Home Edition Firewall, which looks to provide most of the feature set of the 9.x version with the new technology and interface. After you sign up on the mysophos portal you can download the product.

One thing to note is that there is an XG Firewall and an XG UTM; the free 9.x version for me is the UTM appliance. Sophos may have restricted access with XG to only paying customers, giving firewall only and various other features to home users.

When you sign up for the trial product you are taken to a download page to download the appliance file format that you need for your environment (VMware, Hyper-V, KVM, etc.) as well as a full ISO for a hardware Intel appliance. One thing that I see right from the start that is really great is that the OVF zip package you download upon signing up for the trial is only roughly 170MB or so, which is very small. When we are talking about a security appliance, that is what we want.

I won’t go into details about how to deploy the appliance inside VMware via the OVF file, as most are familiar with the process of doing this. Sophos also has a really good getting started guide on deploying the OVF and the particulars therein: -Getting-Started-Guide.pdf?la=en

After the initial OVF deployment, below are the screenshots of the VM after it had booted and I pointed a web browser to the default 172.16.16.16:4444 IP and port.

Default username and password here is admin/admin.

Below, on the next screen, we are asked to initiate a license synchronization, which basically looks to register your device and sync the license with your install and the portal.

Choose which mode the appliance is installed in:

Basic config here: we set up the LAN interface address:

After the review screen, the device starts configuring itself. This step takes a few minutes at least on my VM.

The above screenshots take us all the way up to the point of logging into the appliance via a browser. I will have a follow-up post as I have more time to play around with the appliance and have more feedback on what things look like.

Even if you’re not a MOVEit customer, and even if you’d never heard of the MOVEit file sharing software before the end of last month…

That’s because the MOVEit brand name has been all over the IT and mainstream media for the last week or so, due to an unfortunate security hole dubbed CVE-2023-34362, which turned out to be what’s known in the jargon as a zero-day bug.

A zero-day hole is one that cybercriminals found and figured out before any security updates were available, with the outcome that even the most avid and fast-acting sysadmins in the world had zero days during which they could have patched ahead of the Bad Guys.

Regrettably, in the case of CVE-2023-34362, the crooks who got there first were apparently members of the infamous Clop ransomware crew, a gang of cyberextortionists who variously steal victims’ data or scramble their files, and then menace those victims by demanding protection money in return for suppressing the stolen data, decrypting the ruined files, or both.

Trophy data plundered

As you can imagine, because this security hole existed in the web front-end to the MOVEit software, and because MOVEit is all about uploading, sharing and downloading corporate files with ease, these criminals abused the bug to grab hold of trophy data to give themselves blackmail leverage over their victims.

Even companies that are not themselves MOVEit users have apparently ended up with private employee data exposed by this bug, thanks to outsourced payroll providers that were MOVEit customers, and whose databases of customer staff data seem to have been plundered by the attackers.

(We’ve seen reports of breaches affecting tens or hundreds of thousands of staff at a range of operations in Europe and North America, including organisations in the healthcare, news, and travel sectors.)

The creators of the MOVEit software, Progress Software Corporation, were quick to publish patches once they knew about the existence of the vulnerability.