Company

ABOUT ESENTIRE

eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

About Us →

Leadership →

Careers →

Event Calendar →

Newsroom →

Aston Villa Football Club →

EVENT CALENDAR

May

May TRU Intelligence Briefing

May

Elevate IT Technology Summit Kansas City

May

Cybersecurity Summit Toronto

May

Cybersec Brussels

May

Cybersecurity Summit Austin

View Calendar →

LATEST PRESS RELEASE

Mar 06, 2025

eSentire Unleashes AI-Driven Atlas Nexus Network, Empowering Cybersecurity Partners to Build Differentiated Security Services at Scale

View Newsroom →

OUR PARTNERSHIPS

Aston Villa Football Club

AVFC takes its cyber protection to the Next Level with eSentire as its official cybersecurity partner.

Learn More

Speak With A Security Expert Now

TALK TO AN EXPERT

THE THREAT

On June 12th, Progress Software disclosed a new vulnerability impacting the MOVEit Transfer file transfer application. The vulnerability is distinct from the recently patched MOVEit Transfer vulnerability CVE-2023-34362. The latest release is a SQL injection vulnerability tracked as CVE-2023-35036; exploitation would allow an unauthenticated remote attacker to access the MOVEit Transfer's database, enabling data modification or theft. There is no indication of real-world attacks at this time, but due to the high value of the vulnerability eSentire assesses it is probable exploitation will occur in the near future.

Progress Software has released new security patches to address this vulnerability and organizations are strongly recommended to apply the patches as soon as possible.

What we’re doing about it

eSentire Managed Vulnerability Service (MVS) has plugins in place to identify CVE-2023-35036 and CVE-2023-34362
eSentire previously released an advisory for the MOVEit Transfer vulnerability CVE-2023-34362
eSentire MDR for Network has detections in place to identify post-compromise activity associated with exploitation of CVE-2023-34362
The eSentire Threat Intelligence team is actively tracking both CVE-2023-35036 and CVE-2023-34362 for additional details and detection opportunities

What you should do about it

After performing a business impact review, apply the relevant security patches
- Alternative mitigations are not available at this time

Additional information

CVE-2023-35036 impacts MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2). While CVE-2023-35036 has not been identified in real-world attacks at this time, exploitation in the future is expected. As such, organizations are strongly recommended to apply the latest round of security patches. It should be noted that organizations that have applied security patches for CVE-2023-34362 are still vulnerable to CVE-2023-35036 and are required to install the new patches.

This week, new updates related to the previous MOVEit Transfer vulnerability CVE-2023-34362 were disclosed. The company Horizon3 has released technical details and Proof-of-Concept (PoC) exploit code for the vulnerability. This release significantly increases the likelihood of widespread exploitation of CVE-2023-34362 by threat actors. To date, only the CLOP (Lace Tempest) threat actor group has been identified exploiting the vulnerability. Any organization that has not yet applied security patches for CVE-2023-34362 needs to treat all potentially impacted devices as compromised until validated secure.

References:

[1] https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability
[2] https://www.cve.org/CVERecord?id=CVE-2023-35036
[3] https://www.esentire.com/security-advisories/critical-vulnerability-in-moveit-transfer
[4] https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/

ESENTIRE SERVICES

Managed Detection and Response

All-In-One MDR Solution →

MDR for Microsoft →

MDR for GenAI →

Digital Forensics and Incident Response

Continuous Threat Exposure Management (CTEM)

PLATFORM, PEOPLE AND RESPONSE

Security Operations Center (SOC)

Extended Detection and Response (XDR)

Technology Integrations

Threat Response Unit (TRU)

Cyber Resilience Team

Response and Remediation

MDR Packages and 24/7 Protection

MDR Pricing and Packages

Atlas Essentials

Atlas Advanced

Atlas Complete

24/7 Coverage

Endpoint

Network

Log

Cloud

Identity

INDUSTRIES

Insurance

Construction

Finance

Legal

Manufacturing

Private Equity

Healthcare

Retail

Food Supply

Government and Education

Automotive Dealerships

USE CASES

Ransomware

Cybersecurity Compliance

Zero Day Attacks

Cloud Misconfiguration

Third-Party Risk

Do More With Less

Cyber Risk

Cyber Insurance

Sensitive Data Security

Security Leadership

Cyber Threat Intelligence

From The Blog

Pure Crypter Malware Analysis: 99 Problems but Detection Ain’t One

MDR Vendors: Complete Guide to Understanding Managed Detection & Response…

Identity is the New Attack Surface: Why Threat Detection Alone Isn't…

Resources

Case Studies

TRU Intelligence Center

Cybersecurity Tools

Videos

Reports

Webinars

Data Sheets

Real vs. Fake MDR

Compare MDR Vendors

Blogs

Security Advisories

SECURITY ADVISORIES

Maximum Severity SAP Vulnerability Exploited

CrushFTP Authentication Bypass