Fortra attributes GoAnywhere breach to a zero day vulnerability

Date: 2023-04-20

Publishes post mortem.

Fortra has published a post mortem of the GoAnywhere hack that compromised end user data in January and February.

Australian organisations affected by the data breach include Tasmania’s education department, Rio Tinto, and Crown Resorts.

The company said the attack used a zero-day vulnerability, CVE-2023-0669, which it said is a “pre-authentication command injection vulnerability … due to deserialising an arbitrary attacker-controlled object”.

Fortra first observed suspicious activity on January 30, 2023, but upon later investigation, it found that on-premises customers with web-facing GoAnywhere admin interfaces had been breached as early as January 18.

In its analysis, Fortra said: “Our initial investigation revealed the unauthorised party used CVE-2023-0669 to create unauthorised user accounts in some MFTaaS customer environments.

“For a subset of these customers, the unauthorised party leveraged these user accounts to download files from their hosted MFTaaS environments.”

On some victims' systems, the attackers also installed two additional tools: the Netcat utility and Errors.jsp.

The company said where those tools were found, it worked with customers to remove them.

The company said following remediation, customers should rotate their master encryption key; reset all credentials, including for partners; review audit logs; and delete any “suspicious admin and/or web user accounts”.

If a customer stored credentials for any other systems in their instance, those credentials should also be revoked, the company said.
