MOVEit Was a SQL Injection Accident Waiting to Happen

August 31, 2023

Omkhar Arasaratnam argues that the same type of attack that took advantage of poor security in 1998 is still doing so in 2023. He writes:

SQL injection — among the lowest hanging of security fruit — is still included in the Open Worldwide Application Security Project (OWASP) Top 10 list of security vulnerabilities. One of the worst attacks ever occurred back in 2008, when Heartland Payment Systems was breached and more than 130 million credit and debit card numbers were compromised. In 2023, the Cl0p ransomware group exploited previously unknown SQL injection vulnerabilities in MOVEit, Progress Software’s file transfer program, and compromised hundreds of victims as part of a supply chain attack.

Read more of his article at Dark Reading.