CyberSecurity SEE

Progress Urges ShareFile Shutdown Due to Credible Threat

Progress Urges ShareFile Shutdown Due to Credible Threat

Honeypot Records Exploitation Attempt Against Flaw Patched Earlier This Year

In a significant security alert, Progress Software has instructed organizations utilizing self-managed instances of its ShareFile Storage Zone Controller to immediately power down their servers. This recommendation follows credible concerns regarding external threats targeting these systems. The urgency of this situation highlighted the vulnerabilities that can be exploited by cybercriminals, especially given the history of mass data theft campaigns aimed at users of secure file-transfer software.

The alarm raised by Progress Software coincided with reports from independent honeypots, which detected ongoing attempts to exploit a critical authentication bypass vulnerability in the ShareFile Storage Zone Controller software. This vulnerability had been patched earlier this year but now appears to be the focus of renewed attack efforts. The Massachusetts-based company released a security alert emphasizing their belief in a credible threat and recognizing the importance of precautions, even while asserting that there has been no observed unauthorized access to any Progress ShareFile accounts or data thus far.

As a precautionary measure, the company temporarily suspended access to ShareFile accounts linked to any Storage Zone Controllers, including those utilized by their clients. It is critical for all Storage Zone Controller administrators to also ensure their on-premises servers are powered down. These client-managed Storage Zone Controllers act as gateways that facilitate file storage on personal infrastructure—whether on-premises or in the cloud—while maintaining the collaboration features characteristic of the ShareFile system.

As of the latest updates, access to all on-premises Storage Zone Controllers remains unavailable—a decision communicated through Progress’s ShareFile status page. The organization’s alert came during an alarming time, where indications of active zero-day exploitation targeting these controllers were surfacing, as noted by the threat intelligence firm watchTowr. Earlier in April, watchTowr reported approximately 30,000 Storage Zone Controller instances found online; alarmingly, that figure had diminished to nearly 1,000 by Monday, indicating a potential sweeping impact from these threats.

Currently, Progress Software has not provided specific details about the nature of this security threat, although users on platforms like Reddit are postulating that attackers may have identified strategies to bypass the previous patches. Progress had previously published updates in February to mitigate two critical vulnerabilities related to the ShareFile Storage Zones Controllers up to version 5.12.3. These flaws could be exploited together to remotely execute malicious code.

These vulnerabilities include:

To rectify these issues, Progress advises users to upgrade to version 5.12.4 or any version 6 of the software. The company expressed gratitude to watchTowr and the security researcher h4x0r_dz for exposing these vulnerabilities, demonstrating the collaborative nature of cybersecurity efforts.

In tandem with these alerts, nonprofit cybersecurity organizations, such as the Shadowserver Foundation, have tracked active attempts to exploit these vulnerabilities. The organization recently documented attempts to exploit CVE-2026-2699 in real time. It has been suggested that these attacks may be a direct consequence of vulnerabilities made public in April and are symptomatic of the wider cybersecurity landscape where updates do not always suffice to mitigate risks effectively.

In mid-2023, the Clop ransomware group executed a SQL injection attack against Progress Software’s MOVEit platform, highlighting a troubling trend of attacks on secure file transfer software. Following the fresh alert from Progress, ransomware analyst Allan Liska speculated that the recent activities may demonstrate similar tactics employed by the Clop group. He encouraged ShareFile users to take protective measures, humorously referencing the famous line from Star Wars’ C-3PO: "shut them all down."

Historically, the Clop group has a track record of exploiting weaknesses within secure file transfer software, establishing a pattern of repeat attacks across various systems. Their cyber assaults have previously impacted products such as Accellion FTA, GoAnywhere Managed File Transfer Software, and now Progress Software’s offerings.

As cybersecurity threats loom larger, the invitation for all affected users to act decisively is clear: turning off vulnerable systems is a vital initial step. The dynamics of cybersecurity dictate that lingering vulnerabilities and the corresponding need for vigilance will continue to challenge organizations. With ongoing advancements in both cybercrime techniques and defense strategies, staying ahead of potential threats is crucial.

Source link

Exit mobile version