Millions of people, hundreds of enterprises, U.S. government agencies and universities are current victims of a hacking campaign by the Russia-linked ransomware group known as Cl0P. A flaw in the widely used MOVEit file transfer tools is being used in the attack. It has been reported that the group is only stealing information that is specifically being stored on the file-transfer application at the precise time that the intrusion occurred, and not gaining broader access.

CISA has published an advisory and is helping several federal agencies that have been hacked.

Urgent action is necessary: patches are available

Organizations should respond quickly to find and remediate affected systems. Progress has published two patches. They are described at https://www.progress.com/security/MOVEit-transfer-and-MOVEit-cloud-vulnerability.

How does BigFix help to address this threat now? 

The HCL BigFix Critical Emergency Response Team (CERT) is responding quickly to this zero-day vulnerability. They are helping users identify where MOVEit exists in their organization and, more importantly, where affected versions of MOVEit exist.

  1. For organizations with the BigFix CISA Known Exploited Vulnerabilities Content Pack, the audit fixlet is now available.
  2. Due to the criticality of this threat, the BigFix Team has also added the audit fixlet to the Updates For Windows Applications content site.
  3. Lastly, a software signature is being created for licensed users of BigFix Inventory to identify all instances of the MOVEit tool.

Recommended Actions

  1. Organizations should quickly identify the endpoints that require remediation using the provided fixlet.
  2. Quarantine affected systems and remediate them manually.

The global BigFix community is working together to address this threat. Follow the latest at https://forum.bigfix.com/t/active-malware-campaign-MOVEit-transfer/45404

Every day, BigFix helps organizations address vulnerabilities quickly

BigFix is used to provide deeper insights into vulnerabilities and threats. BigFix provides effective methods to immediately identify and detect systems that may be vulnerable, continually analyzes your systems to identify any newly affected systems, provides historical reporting on software installations and removals to help determine the window of exposure, can validate security policies that identify whether and when specific security controls were modified or disabled by an attacker, and can deploy operating systems or image systems to rapidly recover your systems.

For more information, visit HCL BigFix.
