A series of MOVEit Transfer vulnerabilities have affected 520 organizations and over 32 million individuals. The Russian-speaking ransomware gang CL0P has claimed responsibility for the attacks, which date back to May 2023. Organizations that have not yet applied the patches across all instances are still at risk. CyCognito’s platform can help customers to find where MOVEit Transfer is being used across their attack surface and identify exposed risks.
On May 4th, 2022, F5 announced their internal discovery of a remote code execution (RCE) vulnerability, CVE-2022-1388, that affects all firmware versions of their BIG-IP product.
NIST assigned Spring4Shell a score of 9.8, most likely out of concern of a similar blast radius to Log4Shell, which was trivial to exploit and very common.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.