Recently two organizations have reported that they have experienced cybersecurity incidents caused by a zero-day vulnerability (CVE-2023-0699) in Fortra’s GoAnywhere MFT secure file sharing software.
The latest case was March 2, when fintech Hatch Bank reported that threat actors stole the personal data of nearly 140,000 customers from the GoAnywhere platform.
Last month, an SEC filing disclosed that 1 million patients tied to Community Health Systems in Tennessee were among 130 organizations compromised by the Clop ransomware group.
It’s a nightmare for any software vendor to discover a zero-day vulnerability being exploited in the wild. This nightmare gets compounded when the software is a security-oriented tool. This zero-day exploit also needs an exposed administrative console to work. It’s an interesting case,
The vulnerability is listed in the OWASP top 10 and should have been caught by a secure software development process. Rather than focusing on specific vulnerabilities, security teams should enable MFA wherever possible, but especially for privileged accounts; disable or limit any open administrative console access by any means possible; and monitor security controls for any anomalous user behavior, especially administrative accounts.
Any company using the Fortra GoAnywhere software to patch right away and be sure not to expose the admin console to the public internet.