Sony Interactive Entertainment (Sony) recently informed current and former employees, as well as their families, of a data breach that exposed private data.
The company notified around 6,800 people about the data breach, confirming that the attack occurred when an unauthorised party exploited a zero-day vulnerability in the MOVEit Transfer platform.
The Clop ransomware took advantage of the zero-day, CVE-2023-34362, a critical-severity SQL injection vulnerability that can result in remote code execution, in massive attacks that affected several organisations across the world.
The intrusion took place on May 28, three days before Sony was informed of the vulnerability by Progress Software (the MOVEit vendor), according to the data breach notification, although it wasn’t discovered until early June.
The notice states that “on June 2, 2023, [we] discovered the unauthorized downloads, immediately took the
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: