Jan. 25, 2024 at 3:15 pm

New flaw in Fortra’s GoAnywhere Managed File Transfer (MFT): Comment from Satnam Narang, Senior Staff Research Engineer, Tenable

“Notably, GoAnywhere was targeted by the Cl0p ransomware group last year, leveraging a zero-day vulnerability (CVE-2023-0669), to compromise data from several organisations. The group, claiming to have stolen data from “over 130 organisations” demonstrated a particular focus on file transfer solutions like GoAnywhere along with several others including Accellion File Transfer Appliance and Progress Software’s MOVEit Transfer solution. There’s a potential that CIop and other ransomware groups may exploit this new vulnerability in upcoming attacks, especially since a public proof-of-concept exploit is available.

“Historically, once a public proof-of-concept has been released, we see an uptick in exploit scanning activity, searching for vulnerable instances, which often escalates into mass exploitation.

“Organisations that use GoAnywhere MFT are strongly encouraged to apply the available patch as soon as possible. In cases where immediate patching isn’t feasible, there are mitigation instructions that can be applied to thwart exploitation attempts.” – Satnam Narang, Senior Staff Research Engineer, Tenable.

Tags :Tenable

add a comment

CXOtoday is a premier resource on the world of IT, relevant to key business decision makers. We offer IT perspective & news to the C-suite audience. We also provide business and technology news to those who evaluate, invest, and manage the IT infrastructure of organizations. CXOtoday has a well-networked and strong community that encourages discussions on what’s happening in the world of IT and its impact on businesses.

Useful Links

Information

Connect

New flaw in Fortra’s GoAnywhere Managed File Transfer (MFT): Comment from Satnam Narang, Senior Staff Research Engineer, Tenable

HFCL delivers resilient performance led by innovation; launched telecom and networking products for global market

EQT to Acquire WSO2

Kaspersky expands Global Transparency Initiative launching Istanbul Transparency Center

IBM Expands Software Availability to 92 Countries in AWS Marketplace including India

HFCL delivers resilient performance led by innovation; launched telecom and networking products for global market

EQT to Acquire WSO2

Kaspersky expands Global Transparency Initiative launching Istanbul Transparency Center

IBM Expands Software Availability to 92 Countries in AWS Marketplace including India

IN-SPACe releases Norms, Guidelines and Procedures (NGP) for implementation of Indian Space Policy 2023 in respect of Authorization of Space Activities

You Might Also Like