Just yesterday we wrote that hackers are actively exploiting zero -day vulnerability found in the corporate service of the transfer of Goanywhere MFT files. Already today, Fortra has released an emergency correction for its product.
Vulnerability can only be applied to instances of software, access to the administrative panel of which can be obtained from the Internet. Shodan scan showed that there are a little more than a thousand such copies on the entire Internet.
At the weekend, the company told its customers that vulnerability exists and is actively used in hacker attacks. Fortra provided compromising indicators for potentially affected customers, including the specific trace of the stack, which will be displayed in journals on compromised systems.
“We recommend that you apply the correction as soon as possible to completely eliminate the identified problem. We consider this an urgent issue, especially for customers using the administration portal with access from the Internet,” says Fortra.
On Monday, security researcher Florian Hauser from the Code White consulting company has also released POC-EXTOST, which can be used to remove the code on unprotected servers Goanywhere Mft.
“Make sure that all accounting data have been revoked from external systems, and check the relevant access logs associated with these systems. This also includes passwords and keys used to encrypt files in the system,” Fortra representatives warned their customers.
It is very commendable that the company reacted so quickly and released the correction of vulnerability. This says a lot about Fortra to his customers. Now the case is the administrators of organizations who need to urgently apply the released update.