Exploit Code Released For Fortra GoAnywhere MFT Flaw | allinfosecnews.com

Jan. 24, 2024, 8:05 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in Fortra's GoAnywhere Managed File Transfer (MFT) software.

Fortra on Monday publicly disclosed the vulnerability in an advisory, but the patch was made available to customers earlier on Dec. 7. The flaw (CVE-2024-0204) could enable remote, unauthenticated attackers to bypass authentication in order to create new users in the application. The proof-of-concept code released on Jan. 23 by researchers at Horizon3.ai outlines how the flaw can be exploited …

advisory attackers bypass code concept critical critical vulnerability customers cve dec enable exploit exploit code file file transfer flaw fortra fortra goanywhere fortra goanywhere mft goanywhere goanywhere mft managed managed file transfer mft monday patch proof proof-of-concept software transfer unauthenticated vulnerability

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Deepfakes and AI-Driven Disinformation Threaten Polls 5 minutes ago | malware.news

access article campaigns deepfakes +13

Malware development trick 38: Hunting RWX - part 2. Target process investigation tricks. Simple C/C++ … 10 minutes ago | malware.news

cybersecurity development hackers hello +16

Beyond the Evidence: Leveraging Decision Intelligence to Drive Better Outcomes in Digital Forensics 41 minutes ago | malware.news

beyond communications crime decision +18

Graph: Growing number of threats leveraging Microsoft API an hour ago | malware.news

api article blogs cloud +12

The Future of Passwordless Authentication in Cybersecurity an hour ago | malware.news

actions authentication biometric clicking +15

Vulnerability in CraftBeerPi 4 software an hour ago | malware.news

article cert cert polska cve +9

Operation PANDORA shuts down 12 phone fraud call centres 3 hours ago | malware.news

bank call cash customer +16

Security Awareness Service Release on April 29, 2024 3 hours ago | malware.news

april article awareness delivery +12

“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps 4 hours ago | malware.news

android android apps application applications +24

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Premium Hub - CoE: Business Process Senior Consultant, SAP Security Role and Authorisations & GRC

@ SAP | Dublin 24, IE, D24WA02

View on infosec-jobs.com

Product Security Response Engineer

@ Intel | CRI - Belen, Heredia

View on infosec-jobs.com

Application Security Architect

@ Uni Systems | Brussels, Brussels, Belgium

View on infosec-jobs.com

Sr Product Security Engineer

@ ServiceNow | Hyderabad, India

View on infosec-jobs.com

Analyst, Cybersecurity & Technology (Initial Application Deadline May 20th, Final Deadline May 31st)

@ FiscalNote | United Kingdom (UK)

View on infosec-jobs.com