Alert for GoAnywhere MFT Users Potential ZeroDay Vulnerability Detected

Users of the GoAnywhere secure managed file transfer software have been warned about a potential security risk. This software, created by Fortra (formerly known as HelpSystems), is designed to help organizations securely exchange data with their trading partners. Cybersecurity blogger Brian Krebs reported on the zero-day vulnerability on Thursday, and Fortra responded by temporarily disabling the service. The vulnerability is a zero-day remote code injection exploit, and requires access to the administrative console of the application. In most cases, this console should only be accessible from within a company's network, through a VPN, or from trusted IP addresses. However, some users may have exposed the console to the public internet. The web client interface, which is typically accessible from the internet, is not affected. It is not clear if the vulnerability has been exploited in the wild, but it is likely, as it is a zero-day. Fortra has provided instructions on how customers can check if their system has been compromised, and has recommended mitigations to prevent exploitation. Security researcher Kevin Beaumont has conducted a Shodan search and found roughly 1,000 internet-exposed systems, most of which are located in the United States. Users of the GoAnywhere secure managed file transfer software have been warned of a potential security risk. This software, created by Fortra, is designed to help organizations securely exchange data with their trading partners. Cybersecurity blogger Brian Krebs reported on the zero-day vulnerability on Thursday, and Fortra responded by temporarily disabling the service. The vulnerability is a zero-day remote code injection exploit, and requires access to the administrative console of the application. This console should usually only be accessible from within a company's network, through a VPN, or from trusted IP addresses. However, some users may have exposed the console to the public internet. The web client interface, which is typically accessible from the internet, is not affected. It is not clear if the vulnerability has been exploited in the wild, but it is likely, as it is a zero-day. Fortra has provided instructions on how customers can check if their system has been compromised, and has recommended mitigations to prevent exploitation. Security researcher Kevin Beaumont has conducted a Shodan search and found roughly 1,000 internet-exposed systems, most of which are located in the United States.

This Cyber News was published on www.securityweek.com. Publication date: Fri, 03 Feb 2023 12:18:02 +0000


Cyber News related to Alert for GoAnywhere MFT Users Potential ZeroDay Vulnerability Detected

Exploit released for Fortra GoAnywhere MFT auth bypass bug - Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT software that allows attackers to create new admin users on unpatched instances via the administration portal. GoAnywhere MFT is a web-based ...
8 months ago Bleepingcomputer.com
Fortra's GoAnywhere MFT Software Faces Exploitation, No Evidence of Active Exploitation Detected - Reports on the exploitation of Fortra's GoAnywhere MFT file transfer software raised concerns due to the potential development of exploit code from a publicly released Proof of Concept. As of Thursday afternoon, there was no evidence of active ...
8 months ago Cysecurity.news
Revealing a Way to Take Advantage of a Newly Discovered Security Flaw in GoAnywhere MFT - A security researcher has released proof-of-concept exploit code that can be used to perform unauthenticated remote code execution on vulnerable GoAnywhere MFT servers. GoAnywhere MFT is a web-based and managed file transfer tool designed to help ...
1 year ago Bleepingcomputer.com
Emergency Fix Released for GoAnywhere MFT ZeroDay Vulnerability Being Exploited - Fortra has released an emergency patch to address a security flaw in its GoAnywhere MFT secure file transfer tool that is being actively exploited by attackers. The vulnerability allows them to gain remote code execution on vulnerable GoAnywhere MFT ...
1 year ago Bleepingcomputer.com
Revealing a Vulnerability in GoAnywhere MFT that is Currently Being Abused - A security vulnerability in GoAnywhere MFT, a web-based and managed file transfer tool, has been actively exploited. The exploit code was released by Florian Hauser of Code White, which allows for unauthenticated remote code execution on vulnerable ...
1 year ago Bleepingcomputer.com
Alert for GoAnywhere MFT Users Potential ZeroDay Vulnerability Detected - Users of the GoAnywhere secure managed file transfer software have been warned about a potential security risk. This software, created by Fortra (formerly known as HelpSystems), is designed to help organizations securely exchange data with their ...
1 year ago Securityweek.com
A Fix Released to Stop the Unauthorized Use of GoAnywhere MFT Software - Recently, a zero-day vulnerability was discovered in the GoAnywhere managed file transfer software, and news of active exploitation has been reported. Fortra, formerly known as HelpSystems, released two security notifications with mitigations and ...
1 year ago Securityweek.com
Hackers Can Gain Access to Servers Through a GoAnywhere MFT Security Flaw - GoAnywhere MFT, a secure web file transfer solution, has warned customers of a zero-day remote code execution vulnerability on exposed administrator consoles. This exploit requires access to the administrative console, which should not normally be ...
1 year ago Bleepingcomputer.com
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
9 months ago Techtarget.com
Week in review: 15 million Trello users' scraped data on sale, attackers can steal NTLM hashes - The reality of hacking threats in connected car systemsIn this Help Net Security interview, Ivan Reedman, Director of Secure Engineering at IOActive, discusses how manufacturers, government regulations, and consumers are adapting to these new ...
8 months ago Helpnetsecurity.com
Beware Cybercriminals Taking Advantage of Unpatched Vulnerability in Fortras GoAnywhere MFT - A recently discovered security flaw in Fortras GoAnywhere MFT managed file transfer application is being actively exploited in the wild. The vulnerability was first reported by security reporter Brian Krebs on Mastodon. It is a type of remote code ...
1 year ago Thehackernews.com
Huawei, Vivo phones tag Google app as TrojanSMS-PA malware - Huawei, Honor, and Vivo smartphones and tablets are displaying strange 'Security threat' alerts urging the deletion of the Google app, warning that it is detected as the 'TrojanSMS-PA' malware. In what appears to be a false positive, these security ...
10 months ago Bleepingcomputer.com
PoC exploit for critical Fortra FileCatalyst MFT vulnerability released - Proof-of-concept exploit code for a critical RCE vulnerability in Fortra FileCatalyst MFT solution has been published. Fortra FileCatalyst is an enterprise managed file transfer software solution that includes several components: FileCatalyst Direct, ...
6 months ago Helpnetsecurity.com
SpyNote Android malware spreads via fake volcano eruption alerts - The Android 'SpyNote' malware was observed in attacks targeting Italy using a fake 'IT-alert' public alert service that infected visitors with the information-stealing malware. IT-alert is a legitimate public service operated by the Italian ...
10 months ago Bleepingcomputer.com
Microsoft Alert: New INC Ransomware Targets US Healthcare - Security Boulevard - As per a recent Microsoft alert, a threat actor with malicious financial motives has been observed leveraging a new INC ransomware strain to target the health sector in the United States (US). Given the details in the Microsoft alert, threat ...
1 week ago Securityboulevard.com
CVE-2021-46830 - A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or ...
2 years ago
CVE-2024-25156 - ...
6 months ago
Extended Detection and Response: The Core Element of Zero-Trust Security - Extending and enhancing threat detection and response capabilities in the face of a growing attack surface is the primary result of XDR when it comes to security efficacy. This outcome can contribute not only to comprehensive protection but also to ...
9 months ago Securityboulevard.com
Android malware and unwanted software statistics for Q1 2024 - Over 389,000 malicious installation packages were detected, of which: 11,729 packages were related to mobile banking Trojans, 1,990 packages were mobile ransomware Trojans. The rapid growth in the total number of attacks between Q2 and Q4 2023 is ...
4 months ago Securelist.com
Combating Malware Threats - In the digital age, the security landscape is continually evolving, with malicious actors developing and deploying a variety of sophisticated malware to exploit systems, steal data, and disrupt operations. Malicious software designed to block access ...
8 months ago Feeds.dzone.com
MailChimp Security Breach Puts Millions of User Accounts at Risk - Millions of user accounts have been put at risk after a security breach was detected on MailChimp, a popular email marketing platform. The breach, which was discovered earlier this month, could potentially expose the personal data of millions of ...
1 year ago Securityaffairs.com
How Much Do You Know About the Files Entering Your Endpoints? - Malware remains a significant and pervasive threat in the digital age, with its impacts being felt across various sectors globally. The threat of malware extends beyond healthcare. Organizations must prioritize enhanced visibility in their digital ...
9 months ago Securityboulevard.com
How Attackers Distribute Malware to Foxit PDF Reader Users - Threat actors are exploiting a vulnerability in Foxit PDF Reader's alert system to deliver malware through booby-trapped PDF documents, according to researchers at Check Point. The researchers have identified several campaigns targeting Foxit Reader ...
4 months ago Cysecurity.news
CVE-2023-51387 - Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in ...
9 months ago
ExpressVPN bug has been leaking some DNS requests for years - ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers. The bug was introduced in ExpressVPN Windows versions 12.23.1 - ...
8 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)