Security News > 2023 > February > GoAnywhere MFT zero-day vulnerability lets hackers breach servers
The developers of the GoAnywhere MFT file transfer solution are warning customers of zero-day remote code execution vulnerability on exposed administrator consoles.
GoAnywhere is a secure web file transfer solution that allows companies to securely transfer encrypted files with their partners while keeping detailed audit logs of who accessed the files.
"A Zero-Day Remote Code Injection exploit was identified in GoAnywhere MFT," warns the GoAnywhere security advisory.
On the file system where GoAnywhere MFT is installed, edit the file " /adminroot/WEB INF/web.
BleepingComputer has identified local governments, healthcare companies, banks, energy firms, financial services companies, museums, and computer part manufacturers utilizing the GoAnywhere file transfer solution.
Even a single breach leveraging GoAnywhere MFT's zero-day flaw could leak sensitive information that could be used for extortion.
News URL
Related news
- Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency (source)
- GitHub Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom (source)
- Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts (source)
- Hackers use new IceBreaker malware to breach gaming companies (source)
- Google Fi data breach let hackers carry out SIM swap attacks (source)
- North Korean hackers stole research data in two-month-long breach (source)
- Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT (source)
- Hackers breach Reddit to steal source code and internal data (source)
- Emsisoft says hackers are spoofing its certs to breach networks (source)
- Hackers backdoor Microsoft IIS servers with new Frebniis malware (source)