8 February 2023

Emergency patch released for actively exploited GoAnywhere MFT zero-day


Emergency patch released for actively exploited GoAnywhere MFT zero-day

Fortra has released an emergency fix, version 7.1.2, to address a zero-day vulnerability in the GoAnywhere MFT secure file transfer protocol that has been actively exploited by hackers.

The zero-day bug resides in the administrative web interface and could be exploited by a remote attacker to achieve remote code execution via a malicious request. In most cases, the administrator console is not exposed to the internet and should only be accessible via a private internal network or by an allow-listed IP address.

“Due to the nature of the attack, it is critical to note that every managed credential within your GoAnywhere environment should be considered potentially compromised. This includes passwords and keys used to access any external systems with which GoAnywhere is integrated. Ensure that all credentials have been revoked from those external systems and review relevant access logs related to those systems. This also includes passwords and keys used to encrypt files within the system,” Fortra said in a security advisory (available only via a free account).

According to a Shodan search query, there are nearly 1,000 GoAnywhere instances exposed on the internet.

Earlier this week, a proof-of-concept (PoC) code was released that could be used to achieve remote code execution on Internet-exposed and unpatched GoAnywhere MFT servers.

Back to the list

Latest Posts

What is Vulnerability Management? A Beginner's Guide

What is Vulnerability Management? A Beginner's Guide

In this article will try to cover basics of vulnerability management process and why it is important to every company.
11 September 2024
Cyber Security Week in Review: September 6, 2024

Cyber Security Week in Review: September 6, 2024

In brief: the US charges Russian GRU hackers for attacks on Ukraine, Apache, Cisco, Zyxel patch high-risk flaws, Google fixes Android zero-day, and more.
6 September 2024
Threat actors using MacroPack Red Team framework to deploy Brute Ratel, Havoc and PhantomCore

Threat actors using MacroPack Red Team framework to deploy Brute Ratel, Havoc and PhantomCore

Some of the documents appeared to be part of legitimate Red Team exercises, while other were intended for malicious purposes.
5 September 2024