MOVEit transfer web application vulnerability
ALEXANDRIA, VA (June 16, 2023) — On June 1, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued Progress Software Releases Security Advisory for MOVEit Transfer, a Cybersecurity Alert addressing a critical vulnerability that affects the MOVEit Transfer web application. This vulnerability is known as CVE-2023-34362.
MOVEit Transfer is a managed file transfer application used throughout the financial sector to securely transfer large volumes of sensitive data between systems. There exist indications of active exploitation of this vulnerability with resulting evidence of data exfiltration. All versions of MOVEit Transfer are affected, making it essential for credit unions to take appropriate action.
To address this issue, CISA advises credit unions to review MOVEit Transfer Critical Vulnerability Alert and apply the recommended remediation measures. Credit unions should prioritize applying necessary updates and actively searching for any signs of malicious activity.
If a credit union uncovers an incident:
- Report the incident to CISA through its 24/7 Operations Center at report@cisa.gov or by calling 888.282.0870.
- Evaluate whether data has been compromised — if a credit union suspects data has been compromised, it should report the incident to the local FBI Field Office.
- Report the incident to its respective regulatory authority — either the State Supervisory Authority or the NCUA.
Prudent credit unions have effective procedures for monitoring, sharing, and responding to threat and vulnerability information. The Federal Financial Institutions Examination Council’s Cybersecurity Threat and Vulnerability Monitoring and Sharing Statement provides valuable guidance. Credit unions can reach out to their primary federal or state regulator for further clarification and best practices.
About National Credit Union Administration (NCUA)
The NCUA is the independent federal agency created by the U.S. Congress to regulate, charter and supervise federal credit unions. With the backing of the full faith and credit of the United States, the NCUA operates and manages the National Credit Union Share Insurance Fund, insuring the deposits of more than 135 million account holders in all federal credit unions and the overwhelming majority of state-chartered credit unions. The NCUA also protects consumers and educates the public on consumer protection and financial literacy issues.
