Credit unions are being encouraged by the National Credit Union Administration (NCUA) to review a cybersecurity notification from the Cybersecurity and Infrastructure Security Agency (CISA), which recently published a “Progress Software Releases Security Advisory for MOVEit Transfer” regarding a critical vulnerability impacting the MOVEit Transfer web application.
You can view details of the vulnerability here.
“MOVEit Transfer is a managed file transfer application used throughout the financial sector to securely transfer large volumes of sensitive data between systems,” CISA stated. “There exist indications of active exploitation of this vulnerability with resulting evidence of data exfiltration. All versions of MOVEit Transfer are affected, making it essential for credit unions to take appropriate action.”
To address this issue, the NCUA noted CISA is advising credit unions to review the MOVEit Transfer Critical Vulnerability Alert and apply the recommended remediation measures. Credit unions should prioritize applying necessary updates and actively search for any signs of malicious activity.
According to the NCUA, a credit union finding an episode/event should:
Review if data/information has been compromised. If so, then a credit union should report the incident to the local Federal Bureau of Investigations (FBI) field office.
2855 East Guasti Rd., Suite 202
Ontario, CA 91761
909.212.6000
1201 K. St., Suite 1050
Sacramento, CA 95814-3992
916.325.1360
c/o Great Basin FCU
9770 South Virginia Street
Reno, NV 89511-5941
202.638.5777 www.cuna.org
www.dfpi.ca.gov
Clothilde “Cloey” V. Hewlett — 415.263.8500
fid.state.nv.us
702.486.4120 (Las Vegas)
775.684.2970 (Carson City)