On 6 February Florian Hauser, a researcher with Code White released a Proof-of-Concept (PoC) exploit for the GoAnywhere MFT zero-day that is being actively exploited. While Fortra, the company that develops and maintains GoAnywhere, has not made a public statement, privately (requires a free account) they’ve released a security bulletin with mitigation steps and have released a security patch (7.1.2) to address the flaw. The exploit is an unauthenticated remote code execution that takes advantage of hard-coded keys, potentially granting an attacker access to the internal network. Shodan shows nearly 1000 devices exposed to the public internet in a way that makes the exploit possible.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security