SEC Investigation into Progress MOVEit Hack Ends Without Charges
The US Securities and Exchange Commission (SEC) will not bring charges against Progress Software over the MOVEit software supply chain attack that exposed the data of millions of people since 2023.
In an August 6 Form 8-K, a document that US public companies must file with the SEC to announce significant events that shareholders should know about, Progress Software said the Commission has concluded its investigation into its handling of the exploitation of a MOVEit Transfer zero-day vulnerability in 2023.
“As previously disclosed, Progress received a subpoena from the SEC on October 2, 2023, as part of a fact-finding inquiry seeking various documents and information relating to the MOVEit vulnerability,” said the SEC filing.
However, after months of investigation, the SEC’s Division of Enforcement decided not to recommend any enforcement action regarding the security incident.
MOVEit Software Supply Chain Attack
The zero-day vulnerability, originally uncovered by Progress in June 2023, was an SQL injection weakness found in the managed file transfer (MFT) product. This flaw (CVE-2023-34362) could grant escalated privileges and unauthorised access.
The Clop ransomware gang quickly took advantage of the zero-day to launch a large-scale data theft campaign against companies worldwide.
Cybersecurity provider Emsisoft estimates that the incident has impacted 2773 organizations and over 95 million people at the time of writing.
In June 2024, Progress Software disclosed two fresh vulnerabilities in its MOVEit file transfer products.