start portlet menu bar

HCLSoftware: Fueling the Digital+ Economy

Display portlet menu
end portlet menu bar
Select Page

Millions of people, hundreds of enterprises, U.S. government agencies and universities are current victims of a hacking campaign by the Russia-linked ransomware group known as Cl0P. A flaw in the widely used MOVEit file transfer tools is being used in the attack. It has been reported that the group is only stealing information that is specifically being stored on the file-transfer application at the precise time that the intrusion occurred, and not gaining broader access.

CISA has published an advisory and is helping several federal agencies who have been hacked.

Urgent action is necessary: patches are available

Organizations should respond quickly to find and remediate affected systems. Progress has published two patches. They are described at

How does BigFix help to address this threat now? 

The HCL BigFix Critical Emergency Response Team (CERT) is responding quickly to this zero-day vulnerability. They are helping users identify where MOVEit exists in their organization, and more importantly, where affected versions of MOVEit exists.

  1. For organizations with the BigFix CISA Known Exploited Vulnerabilities Content Pack, the audit fixlet is now available.
  2. Due to the criticality of this threat, the BigFix Team has also added the audit fixlet to the Updates For Windows Applications content site.
  3. Lastly, a software signature is being created for licensed users of BigFix Inventory to identify all instances of the MOVEit tool.

Recommended Actions

  1. Organizations should quickly identify the endpoints that require remediation using the provided fixlet.
  2. Quarantine affected systems and remediate them manually.

The global BigFix community is working together to address to address this threat. Follow the latest at

Every day, BigFix helps organizations address vulnerabilities quickly

BigFix is used to provide deeper insights into vulnerabilities and threats. BigFix provides effective methods to immediately identify and detect systems that may be vulnerable, continually analyzes your systems to identify any newly affected systems, provides historical reporting on software installations and removals to help determine the window of exposure, can validate security policies that identify whether and when specific security controls were modified or disabled by an attacker and can deploy operating systems or image systems to rapidly recover your systems.

For more information, visit HCL BigFix.

Comment wrap
Automation | July 16, 2024
Streamlining Software Asset Management with HCL BigFix Workspace+
Discover how HCL BigFix Workspace+ simplifies Software Asset Management with automated license tracking, compliance reporting, and cost optimization. Streamline your IT operations effortlessly. Learn more.
Automation | July 10, 2024
Resolving IT Software Issues at Scale with BigFix Workspace+
Discover how BigFix Workspace resolves IT software issues at scale with real-time analysis and rapid response capabilities. Optimize performance across diverse environments effortlessly. Learn more!
Automation | July 1, 2024
HCL BigFix Remediate Now on AWS Marketplace!
HCL BigFix Remediate is now on AWS Marketplace! Effortless integration, enhanced security, and scalable solutions for vulnerability management.