What Is the MOVEit Vulnerability? Recently, the public was made aware of a “critical” vulnerability in MOVEit Transfer, which is a secure managed file transfer (MFT) software used by a variety of organizations, including banks, corporations, and government agencies. The vulnerability allows malicious actors to perform a SQL injection within the MOVEit software, allowing that actor to escalate their privileges and capture data, which could include confidential information. (Sources: Tenable, Techzine)
What Does This Vulnerability Impact? Certain vendors who use the MOVEit software are beginning to notify their customers (for example, banks and bank service providers) of the discovered vulnerability, subsequent incident, and the potential sensitive customer information that may have been obtained during the incident at certain organizations. Currently, these clients are being notified of specific sensitive customer information that was subjected to unauthorized access during the breach. The news of this vulnerability and the breach is a significant matter of concern, especially to those of us in the banking industry.
Please note that Sawyers & Jacobs LLC has NEVER used this solution, so we are referring to other industry providers who use this software.
What Action Should We Take? If your financial institution has been affected by this incident, the team at Sawyers & Jacobs LLC is here to help. We can quickly provide support with incident response, the required regulatory computer-security incident notification, and possible customer response program activation.
Click here for more information on this cybersecurity alert and to learn more about the services our firm offers to help banks mitigate the risk of these incidents.