Lmst

🚨 Would this get past your patching process?

CVE-2023-34362 (MOVEit Transfer)

A single SQL injection flaw

The scary part wasn’t the exploit.
It was how many fully patched orgs still got hit.
📘 Full CVE details & attack chain:
https://cvedatabase.com/cve/CVE-2023-34362
#MOVEit #DataBreach #CVE

#GetTheFuckUp #MoveIt

https://youtu.be/8VYZctI4eGY?si=4A556XDtkw1p1d95

Good strong workout today.
3 rounds, 310# on the sled,
Sled push, 40 ft
Sled pull, 40 ft
45# farmer carry , 80 ft

Usual drom.

#moveit #workouts

A delicious tray of yellow corn, red tomatoes and green cucumber mixed up .

Sicherheitslücke: #MOVEitTransfer ist für Attacken anfällig | Security https://www.heise.de/news/Sicherheitsluecke-Angreifer-koennen-Dienst-von-MOVEit-Transfer-einschraenken-10964396.html #Patchday #MOVEit

MOVE IT! Filmfestival: 21 Jahre Engagement für Menschenrechte im Kino
Seit 2005 bringt das MOVE IT! Filmfestival in Dresden Filme mit menschenrechtlichen Themen auf die Leinwand. Mit einer Ausnahme (2020 wegen Corona) findet es jährlich statt. Entstanden aus ehrenamtlichem Engagement im Rahmen der damaligen Frauenfilmtage,
https://www.neustadt-ticker.de/232529/alltag/kultur/move-it-filmfestival-21-jahre-engagement-fuer-menschenrechte-im-kino
#Kultur #Dresden #festival #MoveIt #Neustadt

Is using std::move in C++ a real optimisation compared to just passing something by const reference and copying? Seems like it should be a tiny one, but it looks so scary.

I'm not sure if I like to move it, move it.

#c++ #c++ #moveit

Holiday Horror Stories: Why Hackers Love Long Weekends!

In this episode of Cyberside Chats, @sherridavidoff and @MDurrin break down real-life cyberattacks that hit during holiday weekends, including the infamous Kaseya ransomware attack and the MOVEit data breach.

You’ll hear:
• Why 91% of ransomware attacks happen outside business hours
• How hackers strategically time attacks around holidays—when your staff is least prepared
• Lessons from Krispy Kreme, Target, and even the Bank of Bangladesh
• Practical takeaways to harden your defenses before the next long weekend

📽️ Watch the video: https://youtu.be/pCuYx9nPXgk
🎧 Listen to the podcast: https://www.chatcyberside.com/e/cyber-attacks-on-holiday-weekends-a-growing-threat/

Plan ahead. Patch before you relax, and test your holiday response plan. Contact us if you need help with testing, policy development, or training.

#Cybersecurity #Ransomware #IncidentResponse #HolidayCyberAttacks #InfoSec #CybersideChats #LMGSecurity #CISO #RiskManagement #Kaseya #MOVEit #CyberThreats #Cyberaware #Cyber

New mass scanning activity may be the first step in another MOVEit attack.

Hackers are actively scanning the internet for exposed MOVEit systems—hundreds of unique IPs every day—suggesting the early stages of coordinated exploitation.

Threat intel firm GreyNoise warns this is the same pattern seen weeks before past mass attacks. Known MOVEit vulnerabilities, such as CVE-2023-34362 and CVE-2023-36934, are already being tested in the wild.

If your MOVEit Transfer instance is online and unmonitored, you may already be on an attacker’s target list.

Now’s the time to:
• Patch all known MOVEit vulnerabilities
• Limit public-facing access
• Monitor for scan activity and open ports
• Block IPs identified by threat intelligence feeds
• Harden file transfer environments and deploy honeypots if needed

Scanning isn’t random—it’s reconnaissance. Act now before scanning turns into breach.

Read the article for details: https://www.cuinfosecurity.com/scans-probing-for-moveit-systems-may-be-precursor-to-attacks-a-28832

#MOVEit #Cybersecurity #MassScanning #ThreatIntel #AttackSurface #LMGSecurity #Infosec #ITsecurity #databreach #CISO #DFIR #pentesting #pentest #penetrationtesting

Don't procrastinate if you were affected:

Citizens whose SSN was compromised in the MOVEit breach at the National Student Clearinghouse (NSC) have until May 26, 2025, to file a claim to be part of the $9.95 million class action settlement.

Eligible individuals are those whose Social Security number was included in the files affected by the MOVEit security incident between May 28 and May 31, 2023. See more details and access the claim form at the official settlement website: https://nscsettlement.com/

#databreach #EduSec #MOVEit #Clop

Texas utility giant CenterPoint Energy confirmed it is investigating reports of stolen customer data that has been published on a cybercriminal forum after it was allegedly taken during the 2023 #MOVEit breaches

https://therecord.media/texas-utility-firm-investigating-potential-data-leak-moveit-breach

🚨 Over 270,000+ records from American National Insurance Company (#ANICO) leaked online, linked to the 2023 MOVEit hack. Sensitive customer & employee info exposed.

Read: https://hackread.com/american-national-insurance-company-anico-moveit-breach/

#CyberSecurity #DataBreach #MOVEit #Cl0p

Der #ePA Widerspruch ist ungefähr so durchdacht, wie vieles andere was Krankenkassen machen.

Mit Krankenkassennummern (dank #Moveit Lücke bspw bei einigen #Barmer Kunden abgeflossen), Anschrift und Geburtsdatum könnt ihr für beliebige Personen telefonisch einen Widerspruch einrichten oder die ePA wieder aktivieren, wenn ein Widerspruch eingerichtet wurde. 🎉

Eine wirkliche Verifikation findet nicht statt und jetzt weiß ich auch nicht mehr.

#failarmy #digitalisierung #madeingermany #gematik #planlos #datenschutz

Secure Your File Transfers with @progress #MOVEit! 🔐

Worried about data breaches? MOVEit protects your sensitive files with:

1) End-to-end encryption
2) Automated workflows
3) Regulatory compliance

Prevent data breaches, ensure compliance, and take control of your file transfers.

👉 Request a demo with @emt Distribution META: https://zurl.co/kG2HO

#FileTransfer #CyberSecurity #DataProtection #emtDisti #Progress

As an update on database leaks by #"Nam3L3ss::"

He posted another 133 databases today -- all are from the Clop exploitation of a MOVEit vulnerability in May 2023, and all of these particular databases were stolen from Delta Dental.

In December 2023, Delta Dental notified the Maine Attorney General's Office that a total of 6,928,932 people were affected by the breach. But when you start seeing all the individual clients of theirs broken out this way and what kinds of data were involved, and then you remember that Delta Dental was only one of a large number of MOVEit clients, the breach really starts to hit home more.

@brett @euroinfosec @campuscodi

#databases #leaks #clop #moveit, #nam3l3ss,#watchdog #infosec #delta_dental

In November 2024, a BreachForums user called "Nam3L3ss" dumped more than 100 databases on BreachForums. The databases were cleaned-up databases from the Clop MOVEit breach of 2023. He plans to leak even more databases in the coming weeks and months. Some will also be from MOVEit, but he claims there will be many others from other sources.

He is not selling the data. He is just giving it away.

Being a psychologist by background, I really wanted to understand what he has been doing and why. So we chatted. And chatted. And I've written some of it up in a multi-part interview format that begins here:

Conversation with a “Nam3L3ss” Watchdog: Preface
https://databreaches.net/2024/12/23/conversation-with-a-nam3l3ss-watchdog-preface/

To jump directly to specific parts:

Part 1, his background and motivation:
https://databreaches.net/2024/12/23/conversation-with-a-nam3l3ss-watchdog-part-1-background/

Part 2, his methods:
https://databreaches.net/2024/12/23/conversation-with-a-nam3l3ss-watchdog-part-2-methods/

Part 3 ethical concerns and his goals:
https://databreaches.net/2024/12/23/conversation-with-a-nam3l3ss-watchdog-part-3-ethics-and-goals/

#dataleaks #watchdog #Nam3L3ss #accountability #databrokers #Clop #MOVEit #databreach #infosec