Europol nukes nearly 600 IP addresses in Cobalt Strike crackdown

July 4, 2024 at 04:36AM Europol led Operation Morpheus to tackle nearly 600 illegal IP addresses associated with Cobalt Strike. The disruptive action targeted criminal activity, involving partners in 27 countries. Notable support was provided by private sector partners and Europol’s Malware Information Sharing Platform. The operation sent a strong message to cybercriminals globally. However, …

Fortra Patches Critical SQL Injection in FileCatalyst Workflow

June 28, 2024 at 07:12AM Fortra released patches for a critical SQL injection vulnerability (CVE-2024-5276, CVSS 9.8) in FileCatalyst Workflow version 5.1.6 Build 135 and earlier. This flaw could be used to create administrative user accounts and modify application data. Tenable identified the issue and published PoC code for exploiting it. Fortra addressed the vulnerability in version 5.1.6 …

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool

March 18, 2024 at 10:09AM Fortra disclosed a critical security flaw in its FileCatalyst solution allowing unauthenticated attackers to achieve remote code execution by bypassing restrictions on file uploads. Tracked as CVE-2024-25153, the flaw received a CVSS score of 9.8 and was patched in FileCatalyst Workflow version 5.1.6 Build 114. Other vulnerabilities, CVE-2024-25154 and CVE-2024-25155, …

PoC Published for Critical Fortra Code Execution Vulnerability

March 18, 2024 at 06:45AM PoC code is available for a critical vulnerability (CVE-2024-25153, CVSS score 9.8) in Fortra FileCatalyst Workflow. Attackers can execute arbitrary code through a directory traversal bug in the ‘ftpservlet’ component, potentially leading to web shell execution. SOCRadar warns of threat actor exploitation and advises prompt system updates. Additional details …

LabHost cybercrime service lets anyone phish Canadian bank users

February 27, 2024 at 02:23PM The Phishing as a Service (PhaaS) platform ‘LabHost’ has become a major concern, aiding cybercriminals in targeting North American banks, particularly Canadian institutions. LabHost offers customizable phishing kits, infrastructure, and a real-time phishing management tool for a monthly fee. Their new SMS spamming tool, ‘LabSend,’ further extends their reach in …

Fortra Discloses Critical Auth Bypass Vuln in GoAnywhere MFT

January 24, 2024 at 03:05PM A new proof-of-concept exploit is available for a critical authentication bypass vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere Managed File Transfer software. This flaw affects a large percentage of systems and allows unauthenticated remote attackers to create new accounts with admin privileges. The release of this exploit is likely to lead to …

Using GoAnywhere MFT for file transfers? Patch now – an exploit’s out for a critical bug

January 24, 2024 at 10:07AM Security experts have rapidly published working exploits for a critical vulnerability in Fortra GoAnywhere MFT, exposing a serious authentication bypass issue initially disclosed by Fortra in December. Researchers from Horizon3 developed an exploit targeting a vulnerable endpoint, exposing the system to unauthorized admin user creation. Fortra advises upgrading to version …

PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability

January 24, 2024 at 09:24AM A critical vulnerability (CVE-2024-0204, CVSS score 9.8) in Fortra’s GoAnywhere MFT allows an unauthenticated attacker to create an admin user. Patches were released on Dec 7, and customers are urged to update to version 7.4.1. Horizon3.ai published a technical writeup on the bug’s root cause and PoC code one day after the …

Patch Your GoAnywhere MFT Immediately – Critical Flaw Lets Anyone Be Admin

January 24, 2024 at 02:00AM A critical security flaw (CVE-2024-0204) in Fortra’s GoAnywhere MFT software allows an unauthorized user to create an admin user. Users unable to upgrade to v7.4.1 should delete the InitialAccountSetup.xhtml file in non-container deployments. For container-deployed instances, the file should be replaced with an empty file and the instance restarted. No evidence of active exploitation. Key …

Fortra warns of new critical GoAnywhere MFT auth bypass, patch now

January 23, 2024 at 10:46AM Fortra warns of a critical authentication bypass vulnerability in GoAnywhere MFT, affecting versions prior to 7.4.1. Exploitation allows unauthorized creation of admin accounts and could lead to data breaches and malware introduction. The flaw was fixed in version 7.4.1, and users are advised to update immediately. Notably, past incidents suggest …