CLOP Ransomware exploits MOVEit software

McAfee reports that the Clop ransomware group exploited a SQL injection vulnerability (CVE-2023-34362) in Progress MOVEit Transfer to steal files from numerous organizations (including banks, federal agencies, and companies) and extort victims by threatening to publish stolen data; CISA and FBI issued advisories and Progress provided mitigation guidance, and affected organizations are urged to follow vendor and CISA recommendations to remediate and protect exposed MOVEit instances.