Amazon Data Exposed Due to MOVEit Vulnerability
Amazon has acknowledged that employee data was compromised and circulated on a cybercrime forum, stemming from the notorious MOVEit vulnerability.
This security flaw, tracked as CVE-2023-34362, surfaced in the MOVEit file transfer software last year. It permits cybercriminals to bypass authentication on unpatched systems, giving them access to sensitive files. To date, this vulnerability has impacted countless organizations.
An Amazon representative clarified that both Amazon and AWS systems remain secure and that there has not been a direct security breach within their networks. The compromised data originated from a third-party property management vendor, which also serves multiple other clients alongside Amazon. The information affected includes work email addresses, desk phone numbers, and office locations.
Ferhat Dikbiyik, chief research and intelligence officer at Black Kite, highlighted in a statement to Dark Reading that this incident serves as a crucial reminder of the potential vulnerabilities lurking within supply chains. “The initial impact of the MOVEit flaw reached hundreds, but the ramifications affected over 2,700 organizations as the ripple effect impacted third- and even fourth-party vendors. Our analysis has uncovered more than 600 MOVEit servers likely involved in this ‘spray’ attack, resulting in a considerable number of potential targets,” Dikbiyik noted.
Hudson Rock, a cybercrime intelligence firm, labeled the consequences of this vulnerability as one of the most significant leaks of corporate information in the previous year. Additionally, the authors of the “Verizon Data Breach Investigation Report (DBIR)” published in February remarked that breaches connected to MOVEit were so pervasive that they significantly altered the year’s statistical outcomes.
Source
www.darkreading.com