This is said to be a heap buffer overflow flaw in the WebRTC framework according to Google.
A heap buffer overflow is a software code vulnerability that can be faulted or exploited by a bad actor, which can cause unintended consequences including a blue screen of death (BSOD, unauthorized access, or Denial of Service (DoS). The overflow generally occurs when the allotted storage capacity is exceeded by the volume of data.
More can be read at thehackernews.com here:
Zero-Day in Progress MOVEit file transfer software allows SQL Injection attack to gain access, create files, and data exfiltration
There are ~2,500 MOVEit servers available on the internet as of 6/1/2023. This is still developing. There are plenty of sources out there and it looks like these attacks started as resent as 5/27/2023.
https://www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response
https://www.bleepingcomputer.com/news/security/new-moveit-transfer-zero-day-mass-exploited-in-data-theft-attacks/
Share this: