From The Register, 1 day ago
Cl0p data exfiltration tool found vulnerable to RCE attacks
The vulnerability in the Python-based software, which was used in the 2023-2024 MOVEit mass data raids, was discovered by Italian researcher Lorenzo N. This flaw, categorized as an improper input validation bug, has a severity score of 8.9 and arises from a lack of input sanitization, leading the tool to construct OS commands by concatenating attacker-supplied strings.
Information security
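The concatenation pattern the summary describes, shown next to an argv-list form. This is an added example, not the tool's code and not from the article. The function names, the allowlist and the benign sample input are constructed for illustration, and the first function assumes a POSIX shell.

```python
import re
import subprocess
import sys

# Constructed stand-in for an external program: prints each argument on its own line.
PRINT_ARGS = [sys.executable, "-c", "import sys; [print(a) for a in sys.argv[1:]]"]

# Assumed allowlist for a file-name-like value; adjust to the real input format.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,128}")


def run_concatenated(name: str) -> list[str]:
    """Flawed pattern: the value is pasted into a command line parsed by a shell."""
    cmd = "echo processing " + name
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.splitlines()


def run_argv(name: str) -> list[str]:
    """No shell: the value is exactly one argv element, whatever it contains."""
    out = subprocess.run(PRINT_ARGS + ["processing", name],
                         capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


def run_validated(name: str) -> list[str]:
    """Allowlist first, then argv. A leading '-' is refused so the value
    cannot be read as an option by the program that receives it."""
    if not SAFE_NAME.fullmatch(name) or name.startswith("-"):
        raise ValueError(f"rejected name: {name!r}")
    return run_argv(name)


if __name__ == "__main__":
    sample = "a.txt; echo SECOND-COMMAND"   # constructed, benign input
    print(run_concatenated(sample))          # the shell runs two commands
    print(run_argv(sample))                  # one literal argument
    try:
        run_validated(sample)
    except ValueError as exc:
        print(exc)
```

Dropping the shell removes the injection point; the allowlist is a second layer that rejects unexpected values before any process is started.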