The Cybersecurity and Infrastructure Security Agency (CISA) issued Progress Software Releases Security Advisory for MOVEit Transfer, a Cybersecurity Alert addressing a critical vulnerability that affects the MOVEit Transfer web application. This vulnerability is known as CVE-2023-34362.
MOVEit Transfer is a managed file transfer application used throughout the financial sector to securely transfer large volumes of sensitive data between systems. There exist indications of active exploitation of this vulnerability with resulting evidence of data exfiltration. All versions of MOVEit Transfer are affected, making it essential for credit unions to take appropriate action.
To address this issue, CISA advises credit unions to review MOVEit Transfer Critical Vulnerability Alert and apply the recommended remediation measures. Credit unions should prioritize applying necessary updates and actively searching for any signs of malicious activity.
If a credit union uncovers an incident:
Prudent credit unions have effective procedures for monitoring, sharing, and responding to threat and vulnerability information. The Federal Financial Institutions Examination Council’s Cybersecurity Threat and Vulnerability Monitoring and Sharing Statement provides valuable guidance. Credit unions can reach out to their primary federal or state regulator for further clarification and best practices.