this post was submitted on 07 Jun 2023
1 points (100.0% liked)

/c/cybersecurity - Cybersecurity News & Discussion

2090 readers
3 users here now

A community for technical news and discussion of cybersecurity and closely related topics.

founded 4 years ago
MODERATORS
 

Clop seems to be on a roll, first with GoAnywhere and now with Moveit

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago (1 children)

https://community.progress.com/s/question/0D54Q0000AL2k8jSQB/moveit-transfer-critical-vulnerability-may-2023

I agree there should perhaps have been better controls in place to check for SQL Injection vulnerabilities, and that yea some businesses try hard to maximise profits, but I would also say that developers are not infallible :)

Without seeing anything standing out on their website, I think this does show the importance of getting your product regularly security audited by and external, third party :)

[–] [email protected] 2 points 1 year ago

SQL injection? Oh, good grief. Here I was assuming it was some subtle bug, like use-after-free or using a cryptographic primitive slightly wrong—an honest mistake made by a developer who's working too hard. But SQL injection vulnerabilities are the result of doing something we've been taught for decades to never do, so I can't imagine any excuse for this.