Revealing a Vulnerability in GoAnywhere MFT that is Currently Being Abused

A security vulnerability in GoAnywhere MFT, a web-based and managed file transfer tool, has been actively exploited. The exploit code was released by Florian Hauser of Code White, which allows for unauthenticated remote code execution on vulnerable GoAnywhere MFT servers. According to a Shodan scan, almost 1,000 GoAnywhere instances are exposed on the Internet, and Fortra, the developer of the tool, has yet to publicly acknowledge the vulnerability or release security updates to address it. The private advisory provides indicators of compromise, including a specific stacktrace that shows up in the logs on compromised systems. Fortra also recommends implementing access controls to allow access to the GoAnywhere MFT administrative interface only from trusted sources or disabling the licensing service. Additionally, they suggest revoking any credentials stored in the environment, as well as passwords and keys used to access external systems and encrypt files.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 06 Feb 2023 23:41:02 +0000


Cyber News related to Revealing a Vulnerability in GoAnywhere MFT that is Currently Being Abused

Exploit released for Fortra GoAnywhere MFT auth bypass bug - Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT software that allows attackers to create new admin users on unpatched instances via the administration portal. GoAnywhere MFT is a web-based ...
10 months ago Bleepingcomputer.com
Fortra's GoAnywhere MFT Software Faces Exploitation, No Evidence of Active Exploitation Detected - Reports on the exploitation of Fortra's GoAnywhere MFT file transfer software raised concerns due to the potential development of exploit code from a publicly released Proof of Concept. As of Thursday afternoon, there was no evidence of active ...
10 months ago Cysecurity.news
Revealing a Vulnerability in GoAnywhere MFT that is Currently Being Abused - A security vulnerability in GoAnywhere MFT, a web-based and managed file transfer tool, has been actively exploited. The exploit code was released by Florian Hauser of Code White, which allows for unauthenticated remote code execution on vulnerable ...
1 year ago Bleepingcomputer.com
Revealing a Way to Take Advantage of a Newly Discovered Security Flaw in GoAnywhere MFT - A security researcher has released proof-of-concept exploit code that can be used to perform unauthenticated remote code execution on vulnerable GoAnywhere MFT servers. GoAnywhere MFT is a web-based and managed file transfer tool designed to help ...
1 year ago Bleepingcomputer.com
Emergency Fix Released for GoAnywhere MFT ZeroDay Vulnerability Being Exploited - Fortra has released an emergency patch to address a security flaw in its GoAnywhere MFT secure file transfer tool that is being actively exploited by attackers. The vulnerability allows them to gain remote code execution on vulnerable GoAnywhere MFT ...
1 year ago Bleepingcomputer.com
A Fix Released to Stop the Unauthorized Use of GoAnywhere MFT Software - Recently, a zero-day vulnerability was discovered in the GoAnywhere managed file transfer software, and news of active exploitation has been reported. Fortra, formerly known as HelpSystems, released two security notifications with mitigations and ...
1 year ago Securityweek.com
Hackers Can Gain Access to Servers Through a GoAnywhere MFT Security Flaw - GoAnywhere MFT, a secure web file transfer solution, has warned customers of a zero-day remote code execution vulnerability on exposed administrator consoles. This exploit requires access to the administrative console, which should not normally be ...
1 year ago Bleepingcomputer.com
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
11 months ago Techtarget.com
PoC exploit for critical Fortra FileCatalyst MFT vulnerability released - Proof-of-concept exploit code for a critical RCE vulnerability in Fortra FileCatalyst MFT solution has been published. Fortra FileCatalyst is an enterprise managed file transfer software solution that includes several components: FileCatalyst Direct, ...
9 months ago Helpnetsecurity.com
Beware Cybercriminals Taking Advantage of Unpatched Vulnerability in Fortras GoAnywhere MFT - A recently discovered security flaw in Fortras GoAnywhere MFT managed file transfer application is being actively exploited in the wild. The vulnerability was first reported by security reporter Brian Krebs on Mastodon. It is a type of remote code ...
1 year ago Thehackernews.com
Alert for GoAnywhere MFT Users Potential ZeroDay Vulnerability Detected - Users of the GoAnywhere secure managed file transfer software have been warned about a potential security risk. This software, created by Fortra (formerly known as HelpSystems), is designed to help organizations securely exchange data with their ...
1 year ago Securityweek.com
Week in review: 15 million Trello users' scraped data on sale, attackers can steal NTLM hashes - The reality of hacking threats in connected car systemsIn this Help Net Security interview, Ivan Reedman, Director of Secure Engineering at IOActive, discusses how manufacturers, government regulations, and consumers are adapting to these new ...
10 months ago Helpnetsecurity.com
CVE-2021-46830 - A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or ...
2 years ago
CVE-2024-25156 - ...
9 months ago
Expired Redis Service Abused to Use Metasploit Meterpreter Maliciously - Attackers are using an 8-year-old version of the Redis open-source database server to maliciously use Metasploit's Meterpreter module to expose exploits within a system, potentially allowing for takeover and distribution of a host of other malware. ...
8 months ago Darkreading.com
CVE-2020-9413 - The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an ...
4 years ago
Attackers Can Gain Control of Users' Queries and LLM Data Output - Gemini is Google's newest family of Large Language Models. The Gemini suite currently houses 3 different model sizes: Nano, Pro, and Ultra. Although Gemini has been removed from service due to politically biased content, findings from HiddenLayer ...
9 months ago Packetstormsecurity.com
Over 29,000 QNAP devices vulnerable to code injection attacks - Tens of thousands of QNAP network-attached storage devices are waiting to be patched against a critical security flaw addressed by the Taiwanese company on Monday. Remote threat actors can exploit this SQL injection vulnerability to inject malicious ...
1 year ago Bleepingcomputer.com
Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released - The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database. FileCatalyst Workflow is a web-based file ...
5 months ago Bleepingcomputer.com
Exploit for CrushFTP RCE chain released, patch now - A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords. The ...
1 year ago Bleepingcomputer.com
CVE-2023-0669 - Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2. ...
5 months ago
CVE-2024-9945 - An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders. ...
1 week ago Tenable.com
Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice - The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26. Throughout the contest organized by Trend ...
10 months ago Bleepingcomputer.com
CVE-2024-0204 - Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. ...
10 months ago
Watch out, a new critical flaw affects Fortra GoAnywhere MFT - We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience ...
10 months ago Securityaffairs.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)