Fortra has patched a critical remote code execution (RCE) vulnerability in its FileCatalyst file transfer solution, tracked as CVE-2024-25153, which could allow unauthenticated attackers to upload files outside the intended directory and execute code. The flaw was reported in August 2023 and addressed in FileCatalyst Workflow version 5.1.6 Build 114. Two other security vulnerabilities in FileCatalyst Direct (CVE-2024-25154 and CVE-2024-25155) were also resolved. Users are advised to apply the necessary updates to mitigate potential threats, especially in light of previous exploitation of Fortra's managed file transfer solution by threat actors.
An exploit has been released for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT software, allowing attackers to create new admin users on unpatched instances. While Fortra silently patched the bug in December, a technical analysis and proof-of-concept exploit have now been published, raising concerns about potential attacks. This comes after the Clop ransomware gang breached over 100 organizations by exploiting a different flaw in the same software, highlighting the ongoing threat to MFT platforms from cybercriminals.
Fortra warns of a critical authentication bypass vulnerability, CVE-2024-0204, in GoAnywhere MFT versions before 7.4.1 that allows unauthorized creation of admin users. The flaw, discovered in December 2023, could lead to device takeover and data breaches. Fortra advises immediate patching to version 7.4.1 and provides manual mitigation steps. While no active exploitation has been reported, proof-of-concept exploits may still emerge. This follows a previous incident in which the Clop ransomware gang exploited a different flaw in GoAnywhere MFT in widespread data theft attacks on numerous organizations.
Microsoft, Fortra, and Health-ISAC have launched a legal crackdown against servers hosting cracked copies of Cobalt Strike, a primary hacking tool used by cybercriminals. The US District Court for the Eastern District of New York has issued a court order allowing Microsoft and Fortra to seize domain names and take down IP addresses of servers hosting cracked versions of Cobalt Strike. The coalition aims to take the malicious infrastructure offline with the help of relevant computer emergency readiness teams and internet service providers. Cobalt Strike has become one of the most widely used tools in cyberattacks involving data theft and ransomware.