GoAnywhere MFT Archives

Fortra Completes Postmortem Of GoAnywhere Vulnerability

June 5, 2023 Alex Woodie

Security firm Fortra recently published an analysis of the zero-day vulnerability that impacted its GoAnywhere MFT customers earlier this year and committed itself to “continuous improvement.” Meanwhile, an analysis shows that dozens of organizations continue to run unpatched and exposed versions of GoAnywhere months after the flaw was discovered and patches became available.

Fortra (formerly HelpSystems) first became aware of the remote code injection exploit vulnerability in its GoAnywhere managed file transfer (MFT) product on January 30, as we previously reported, and quietly alerted customers on February 1. The company says it immediately shut down the hosted version of …
Read more
IBM i PTF Guide, Volume 25, Number 8

February 27, 2023 Doug Bidwell

We are playing catch up a bit here at the IBM i PTF Guide, and apologies for that but it goes that way sometime. There are a bunch of security vulnerabilities that you need to be aware of, including one that covers systems software not from IBM, as we usually track, but file transfer software from Forta (formerly known as HelpSystems). We are going to be keeping a closer eye on third party software security bulletins going forward.

So first, we have CVE-2023-0669, which explains that GoAnywhere MFT from Fortra (formerly HelpSystems) suffers from a pre-authentication command injection …
Read more
Zero-Day Vulnerability in Fortra’s GoAnywhere MFT Being Actively Exploited

February 15, 2023 Alex Woodie

A critical security vulnerability in Fortra’s (formerly HelpSystems) managed file transfer (MFT) solution, GoAnywhere MFT, is being actively exploited to steal data from companies and possibly even to spread ransomware according to published reports. Fortra told customers to consider every managed credential in their GoAnywhere environment to be compromised, shut down cloud instances of the service, and issued an emergency patch for the zero-day security vulnerability.

Security reporter Brian Krebs was the first to share news of the vulnerability, which is described as remote code injection flaw that requires administrative console access for successful exploitation. In a February 2 post …
Read more

Content archive

Recent Posts

Subscribe

Pages

Search

Fortra Completes Postmortem Of GoAnywhere Vulnerability

IBM i PTF Guide, Volume 25, Number 8

Zero-Day Vulnerability in Fortra’s GoAnywhere MFT Being Actively Exploited

Content archive

Recent Posts

Subscribe

Pages

Search