In a new chapter in the ongoing MOVEit data breaches, the notorious Cl0p ransomware group has claimed yet another victim: AMC Theatres. This comes at the same time the Cl0p ransomware group claimed Discovery data breach, which was posted at the same time as the AMC Theatres data breach.
The exploit used by the criminals involves a vulnerability in Progress Software’s popular MOVEit transfer application. This widely used app has been exploited by the hacker group, causing wide-scale service disruptions.
Unfortunately, the MOVEit data breaches has led to many organizations falling victim to data theft, compromising sensitive customer and employee information. The Cyber Express has reached out to both companies to learn more about the alleged AMC Theatres data breach and Discovery data breach claims.
However, at the time of writing this, no official statement or confirmation has been received.
AMC Theatres data breach and Discovery data breach explained: MOVEit vulnerability involved
According to threat analyst Brett Callow, both the AMC Theatres data breach and the alleged Discovery data breach is far-reaching as the number of MOVEit vulnerability victims is increasing drastically.
At the time of writing this, a more than 300 organizations have been impacted, with a jaw-dropping total of 18,154,787 individuals affected.
The AMC Theatres data breach and the announcement of another victim, Discovery Network, is just the tip of the iceberg because Cl0p ransomware has claimed cyber attacks on major corporations throughout the US, UK, and the rest of the world.
Progress Software, the parent company behind the renowned MOVEit transfer application, has recently confirmed that their product fell victim to a large-scale cyber attack.
In an update provided on July 5th, Progress Software addressed the ongoing vulnerability in MOVEit, announcing implementation of a new Service Pack program for all MOVEit transfer application products.
This initiative was established in response to valuable feedback from customers who desire regular and predictable product updates and scheduled fixes.
By introducing the Service Pack program, Progress Software aims to deliver more frequent updates and establish a straightforward and transparent process for addressing product and security issues.
Progress Software responds to MOVEit vulnerability exploitation
The initial Service Pack has already been released and encompasses essential product and security fixes for supported versions of MOVEit transfer application.
Furthermore, this Service Pack has also been implemented in MOVEit Cloud, with plans to include MOVEit Automation in future Service Pack releases. Noteworthy enhancements in this release involve:
- Improving the MOVEit MOVEit transfer application database.
- Optimizing the installer.
- Resolutions for three new Common Vulnerabilities and Exposures (CVEs).
Looking ahead, Progress Software intends to issue a new Service Pack approximately every two months. To stay up-to-date with major releases, service packs (including the most recent ones), and hotfixes, customers are encouraged to refer to the MOVEit Product Hub.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.