Organizations big and small are falling prey to the mass exploitation of a critical vulnerability in a widely used file-transfer program. The exploitation started over the Memorial Day holiday—while the critical vulnerability was still a zeroday—and continues now, some nine days later.
As of Monday evening, payroll service Zellis, the Canadian province of Nova Scotia, British Airways, the BBC, and UK retailer Boots were all known to have had data stolen through the attacks, which are fueled by a recently patched vulnerability in MOVEit, a file-transfer provider that offers both cloud and on-premises services. Both Nova Scotia and
→ Continue reading at Ars Technica