A Zero-Day Flaw in Hacked MOVEit Software Was Exposed on Twitter
- Progress Software has been issuing patches as new flaws are found
- Dozens of victims assessing damage from Clop hack campaign
John Hammond, a senior researcher at the cybersecurity firm Huntress, had already lost a few nights of sleep when someone he’d been messaging with privately over Twitter delivered a bombshell.
The person, who declined to provide his name but describes himself as an exploit writer, told Hammond on June 15 that he had inadvertently stumbled upon a new zero-day vulnerability in MOVEit file-transfer software — the type of flaw that doesn’t have a fix, or patch, leaving users vulnerable to hackers. What’s more, the anonymous researcher publicly shared details about the flaw on Twitter — a potentially disruptive move that could’ve enabled attackers to exploit the vulnerability before the software owner could respond.