Enterprise software firm Progress Software must be suffering an alarming case of deja vu as it continues to investigate a “credible external security threat” that it warned customers of late last week.
“We have reason to believe there is a credible external security threat targeting Progress Software’s ShareFile Storage Zone Controllers,” the company told its customers in an email seen by Bleeping Computer.
“Currently, we have no indication of unauthorised access to any Progress ShareFile accounts or data. As a precaution, we have temporarily disabled access to ShareFile accounts using the Storage Zone Controllers, including yours.”
ShareFile is a collaboration and file-sharing platform that can either store data entirely on Progress Software’s cloud infrastructure. Alternatively, customers can deploy Storage Zone Controllers, which allow for a hybrid storage solution using both the cloud and on-prem Windows servers.
“You must manually shut down the server hosting your Storage Zone Controllers. This is a critical additional step to ensure the safety of your data,” the company said.
Progress said it was acting out of an “abundance of caution” and was working with cyber security experts, both external and internal, to remediate the issue. The company has not shared whether the problem is a result of direct compromise or a zero-day vulnerability; however, it appears to be taking whatever the problem is very, very seriously.
As of writing, Progress has issued the following on its status page: “ShareFile customers with Storage Zone Controllers are not operational at this time – We are currently investigating this issue.”
File-sharing and transfer systems have become sweet spot targets of cyber extortionists in recent years, something Progress is highly aware of. Its MOVEit Transfer platform suffered a zero-day vulnerability in 2023, which was extensively exploited by the Cl0p cyber criminal group.
WatchTowr CEO and founder Benjamin Harris said the industry has seen this scenario play out many times.
“File transfer solutions hold an organisation’s most sensitive data and sit at the heart of critical business processes. It’s no surprise that they repeatedly become targets for exploitation,” Harris told Cyber Daily on 11 July.
“Today’s events have Progress ominously urging customers to immediately disconnect internet-facing ShareFile servers due to a credible external security threat. This is not a ‘something might be bad’ type of action, but a clear indicator that, while unconfirmed as of now, Progress is so concerned on behalf of clients that it has disabled access to ShareFile accounts using the Storage Zone Controllers.”
According to Harris, there are about 3,000 internet-facing ShareFile controllers, meaning the blast radius of any threat could be “significant”.
“Confirmed or not, there is enough smoke to start shouting ‘probable fire, evacuate while you still can,’” Harris said.
“If you’re running ShareFile Storage Zone Controllers, do what Progress is telling you and take the exposed boxes offline. Now.”
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.