#moveit

from The Register
1 day ago

Cl0p data exfiltration tool found vulnerable to RCE attacks

The vulnerability in the Python-based software, which was used in the 2023-2024 MOVEit mass data raids, was discovered by Italian researcher Lorenzo N. The flaw, categorized as an improper input validation bug, has a severity score of 8.9. It arises from a lack of input sanitization: the tool constructs OS commands by concatenating attacker-supplied strings.
Information security