MOVEit Vulnerability: A Significant Exploitation

This is a serious matter and one of the most significant exploitations we have seen recently here at GreyCastle Security.

Posted July 17, 2023 | Written by Joe Vigorito & Keith Robertson, Senior Security Strategists, GreyCastle Security

Progress Software released a security advisory on May 31, 2023 for a vulnerability in the extremely popular MOVEit Transfer and MOVEit Cloud products. Regarding this vulnerability, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on CVE-2023-34362.

This software is widely used in Higher Education as well as other sectors to automate file transfers between organizations. This vulnerability could allow an unauthenticated attacker to gain access to the MOVEit Transfer database, which could lead to escalated privileges and potential unauthorized access to the environment, including any files that have been stored within the system. 

Please do not delay in acting. This blog post provides a few technical details and a number of logistical and informational details of which you should be aware. Contact GreyCastle Security with questions about any of the information in this post.

The Important Technical Details 

On June 15, 2023, Progress released an additional security advisory for a privilege escalation vulnerability (CVE-2023-35708) in MOVEit Transfer. This vulnerability could allow an attacker to gain elevated privileges on the MOVEit Transfer server, which could lead to unauthorized access to the environment. 

Progress Software has released patches for both vulnerabilities. If you have not already done so, customers are urged to apply the patches as soon as possible. 

In addition to applying the patches, users should also take the following technical mitigation steps: 
        1. Disable all HTTP and HTTPS traffic to your MOVEit Transfer environment 
        2. Review, delete, and reset all user passwords
        3. Verify that all MOVEit Transfer users have the appropriate permissions 
        4. Monitor your MOVEit Transfer environment for any suspicious activity 
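One way to carry out step 1 on a Windows host running MOVEit Transfer, as an added example that is not from the original post or from Progress Software: it uses Windows Defender Firewall block rules for inbound TCP 80 and 443 while the server is patched and reviewed. The rule names are assumptions; the server's existing IIS allow rules do not need to be touched because block rules take precedence.

```powershell
# Added example (not from the original post): block inbound HTTP and HTTPS to a
# MOVEit Transfer host using the Windows Defender Firewall. Run this in an
# elevated PowerShell session on the MOVEit Transfer server itself.
# Assumption: the rule display names below are placeholders chosen for this example.

$rules = @(
    @{ Name = 'MOVEit-Block-Inbound-HTTP';  Port = 80  },
    @{ Name = 'MOVEit-Block-Inbound-HTTPS'; Port = 443 }
)

foreach ($r in $rules) {
    # Idempotent: only create a rule if one with this display name does not exist yet.
    if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $r.Name `
            -Direction Inbound -Protocol TCP -LocalPort $r.Port `
            -Action Block -Profile Any -Enabled True `
            -Description 'Temporary block while MOVEit Transfer is patched and reviewed' | Out-Null
    }
}

# Verification: show each block rule with its state and the port it covers.
# Block rules win over allow rules, so IIS's built-in HTTP/HTTPS allow rules
# no longer admit traffic while these are enabled.
Get-NetFirewallRule -DisplayName 'MOVEit-Block-Inbound-*' | ForEach-Object {
    $pf = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Enabled = $_.Enabled
        Action  = $_.Action
        Port    = $pf.LocalPort
    }
} | Format-Table -AutoSize

# When patching and the password/permission review (steps 2 and 3) are complete,
# lift the block by removing the same rules:
#   Get-NetFirewallRule -DisplayName 'MOVEit-Block-Inbound-*' | Remove-NetFirewallRule
```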

If you have any questions or concerns about the Progress Software MOVEit vulnerability, please contact Progress Software support.

The Important Non-Technical Details 

Institutions of Higher Education should note that the National Student Clearinghouse (NSC) uses Progress Software’s MOVEit Transfer software to transfer student data between institutions. The MOVEit vulnerability could have potentially impacted the NSC’s ability to transfer student data, which could have had a significant impact on the education community.  

If you are in Higher Education, you are probably aware that the NSC is a nonprofit organization that acts as a trusted source for education verification and student educational outcomes data. If a data breach were to occur involving the NSC, it is recommended to monitor news sources, official statements, and announcements from the NSC or other relevant parties for the most recent and accurate information about any such incidents. 

The NSC has also been working with leading cybersecurity experts to assess the impact of the MOVEit vulnerability on the NSC and its systems. The NSC is confident that the steps it has taken have mitigated the risk of unauthorized access to its student data. However, the NSC cannot rule out the possibility that some student data may have been accessed by unauthorized individuals. The NSC is working with law enforcement to investigate the matter. 

The NSC has also been in touch with its customers to inform them of the situation and to provide them with guidance on how to protect their data. 

Again affecting many Institutions of Higher Education, the Teachers Insurance and Annuity Association (TIAA), a financial services company that provides retirement and investment products to the academic and research community, was affected by the MOVEit vulnerability in June 2023. The vulnerability allowed unauthorized access to information that was transferred or stored on the MOVEit platform.

TIAA has stated that no information was obtained from its systems and that its systems were not at risk from the MOVEit vulnerability. However, the company has also stated that it is “investigating whether any information shared with TIAA may have been compromised.”

The following types of information may have been compromised as a result of the TIAA breach: 
        • Names
        • Social Security Numbers
        • Date of Birth
        • Employment Information
        • Financial Information

TIAA has advised affected individuals to monitor their credit reports and to take steps to protect their identity (more information on this is below).  

The TIAA breach is a reminder of the importance of cybersecurity. Organizations should take steps to protect their data from unauthorized access, including:
        • Using strong passwords and security measures
        • Keeping software up to date
        • Monitoring their systems for suspicious activity

If you are concerned that any personal information may have been compromised in a data breach, you can advise those impacted to consider the following steps:
        • Place a fraud alert on your credit report.
        • Monitor your credit reports for unauthorized activity.
        • Contact your financial institutions to report the breach.

What if I’ve Been Impacted as a Higher-Ed Institution? Important Logistics

    • Contracts. For TIAA, NSC, and your insurance company, your legal representation will want to know the terms and conditions (T&Cs) outlined in these contracts.  Responsibility/liability should be with these vendors.
    • Legal Representation. Provide contracts.  Update them on the current situation.  Ensure they understand timelines. They should likely be the primary point of contact.
    • Contact 3rd Parties. Once you have been notified, we suggest you have your legal representative contact the NSC (and TIAA, if you have received notice from them too).  We suggest setting at least the following expectations:
        • Some form of fraud monitoring to be provided for each affected individual
        • Obtain a complete list of impacted individuals and in which states they reside
    • Communication Campaign. Draft communication to send to all workforce members.  We would be happy to review and provide feedback, if needed.  Key points to hit: 
        • Your legal team is actively engaged and is working on the situation.  
        • If individuals received a breach notification, have them forward the notice immediately to your legal team. In many cases the individuals are being notified, not the organizations. 
    • Insurance Company. T&Cs of your policy will describe the how, who, when, and where to do notifications. Considering you have a confirmed breach at this point, you would notify them per the requirements described in your contract. If you need help understanding your T&Cs (often challenging to understand), please send them to us and we can highlight  important requirements. 
Here are some additional resources that you may find helpful (check these sources for updates as well): 

Note: Progress Software also owns and provides the popular WS_FTP software, acquired with Ipswitch Corporation. Please do not confuse these two file transfer products; they are different. Check with Progress for the status of WS_FTP if it is in use.

To repeat: this is a serious matter and one of the most significant exploitations we have seen recently. Please do not delay in acting. Contact GreyCastle Security below with questions about any of this information.
