MOVEit Transfer Critical Vulnerability – CVE-2023-34362

Daisy is not directly impacted by the recently disclosed MOVEit incident which is currently prevalent in the news. Furthermore, Daisy has no known affected dependents, including Zellis.

The mass exploitation of this zero-day vulnerability has been attributed to a prolific ransomware group, and at the time of writing extortion of victims has not been witnessed.

MOVEit Transfers parent company, Progress, has published an article with further details, including affected versions:

https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023

Progress additionally advised “If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment, while our team produces a patch.”

The BBC has published some general information around this situation:

https://www.bbc.co.uk/news/technology-65814104

Further information, with relevant technical sources have been published by BleepingComputer:

https://www.bleepingcomputer.com/news/security/cisa-orders-govt-agencies-to-patch-moveit-bug-used-for-data-theft/

Our dedicated cyber security team is continuing to assess the situation as it evolves to ensure we continue to maintain a secure environment for all of our customers.

If you have any concerns regarding this matter, please contact Daisy via our Service Desk team on 0330 024 3333 or our Customer Portal.