Security News > 2023 > February > Exploit released for actively exploited GoAnywhere MFT zero-day
Exploit code has been released for an actively exploited zero-day vulnerability affecting Internet-exposed GoAnywhere MFT administrator consoles.
GoAnywhere MFT is a web-based and managed file transfer tool designed to help organizations to transfer files securely with partners and keep audit logs of who accessed the shared files.
On Monday, security researcher Florian Hauser of IT security consulting firm Code White released technical details and proof-of-concept exploit code that performs unauthenticated remote code execution on vulnerable GoAnywhere MFT servers.
The company is yet to publicly acknowledge this remote pre-authentication RCE security flaw exploited in attacks and hasn't released security updates to address the vulnerability, thus leaving all exposed installations vulnerable to attacks.
Exploit released for critical VMware vRealize RCE vulnerability.
Exploit released for critical ManageEngine RCE bug, patch now.
News URL
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- ⚡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- Enterprise tech dominates zero-day exploits with no signs of slowdown (source)
- ⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams (source)