Progress Software Warns of Active Threat Against ShareFile Storage Zone Controllers

Progress Software has ordered ShareFile customers running on-premises Storage Zone Controllers to shut down the servers immediately due to what the company calls a credible external security threat.

CSBadmin
2 Min Read

Urgent Shutdown Order

Progress Software has issued an emergency alert to customers using on-premises Storage Zone Controllers with its ShareFile platform. The company sent emails late Monday night, seen by BleepingComputer, instructing organizations to immediately shut down their Windows servers hosting these controllers. Progress cited a credible external security threat specifically targeting this component of the hybrid file sharing system, though it reported no evidence of unauthorized access to customer accounts or data as of the warning.

Nature of the Threat and Response

The Storage Zone Controllers are internet accessible servers that handle file transfers between the ShareFile cloud and customer managed local storage. Progress has temporarily disabled access to affected ShareFile accounts through its cloud platform, but stressed that this step alone is insufficient. Customers must manually power down their physical or virtual servers hosting the controllers to fully mitigate the risk. The company is investigating the threat with internal and external cybersecurity experts and plans to provide an update within 24 hours. Progress has not disclosed whether the threat involves a zero day vulnerability or if any controllers have already been compromised.

Industry Context

This warning echoes previous attacks on enterprise file transfer platforms. In 2023, the Clop ransomware group exploited a zero day in Progress MOVEit Transfer, stealing data from thousands of organizations. Since then, attackers have increasingly targeted internet facing managed file transfer and file sharing systems because of the sensitive data they typically handle. The ShareFile status page now shows that customers with Storage Zone Controllers are not operational, and Progress has asked all affected users to remain offline until further notice.

Source: BleepingComputer

CSBadmin

The latest in cybersecurity news and updates.

Share This Article
Follow:
The latest in cybersecurity news and updates.