A zero-day vulnerability in file transfer software has been exploited by the Clop ransomware gang, affecting numerous global companies including the BBC, BA, Boots, and the government of Nova Scotia. Thousands of organizations are believed to be impacted. The bug was first exploited over the weekend of May 27 and Microsoft attributed the attacks to Clop affiliate Lace Tempest (FIN11). The campaign involves data theft and ransom, with organizations refusing to pay the fee facing potential publication of their information on the Clop leak site. The incident highlights the risks posed by third-party suppliers and the importance of managing supply-chain dependencies.

Read more: https://www.infosecurity-magazine.com/news/clop-ransom-gang-big-names-moveit/