Progress advises customers managing ShareFile files on-premises to shut down their servers due to a ‘credible’ threat.
Forewarned is forearmed: Progress Software has notified customers via email of a ‘credible external threat’ targeting on-prem customers. The company confirmed the threat via Bleeping Computer. The notice applies to users of the ShareFile document management platform.
ShareFile is a platform for exchanging and managing documents in the cloud or on-prem. Progress acquired the company in 2024, after ShareFile was previously part of Citrix. Customers have the option to host their files in the Progress cloud or keep them on on-prem servers.
Shut down your servers
In the latter case, so-called Storage Zone Controllers provide the connection between the server and the ShareFile cloud. This allows companies to use authentication, sharing, and management functions in the cloud while keeping the files within their own environment. It is precisely these controllers that Progress says are at risk. Because the controllers connect the servers to the internet, they can also serve as a gateway for external parties if hijacked.
Progress does not specify exactly where the ‘credible external threat’ originates. We do not know if it concerns a vulnerability in the controllers for which a patch will soon be released, or if attacks have already effectively taken place. But Progress’s advice is clear: shut down servers to take them off the internet.
Bad memories
When Progress warns you, you had better listen. Three years later, the attacks on MOVEit will still be fresh in the memory of many companies. A ransomware gang actively targeted the data transfer software, and many large companies such as Sony and Shell fell victim. Barely a year later, another vulnerability appeared in MOVEit, fortunately with less damage. It remains to be seen what the impact of this potential threat will be.
