CyberNews Briefs

Patch Released for Actively Exploited GoAnywhere MFT Zero-Day

07 Feb 2023 OODA Analyst

The developers behind the GoAnywhere managed file transfer (MFT) software have released a patch for a critical zero-day vulnerability. The flaw was identified recently and warnings of active exploitation emerged roughly a week ago. The company behind the software has not released any details about the attacks targeting the vulnerability. Security firm Fortra alerted GoAnywhere MFT users on February 1, releasing a security notification about the vulnerability.

Fortra has released two other security notifications since then, each of which provide advice for users on how to mitigate the security risks as well as indicators of compromise. GoAnywhere users have been encouraged to install the patch immediately to avoid the risk of exploitation. GoAnywhere stated that customers running an admin portal exposed to the Internet are particularly at risk of exploitation.

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.

