The Trustwave Spider Labs team uncovered Tycoon Group’s Phishing-as-a-Service operation, offering advanced phishing tools via Telegram. This system is designed to sidestep Microsoft’s two-factor authentication,…
GoAnywhere is a popular managed file transfer platform used by organisations to securely share files and data internally and with external partners. The software, created by HelpSystems, allows organisations to automate file transfers through encrypted protocols like SFTP, SCP, HTTPS and FTPS.
GoAnywhere helps organisations securely collaborate by exchanging sensitive documents and data with customers, trading partners and internal teams. It centralises and automates file transfers through a single platform with role-based access controls, encryption and detailed audit logs.
A major vulnerability has recently been discovered in GoAnywhere that could allow attackers to bypass authentication and access sensitive user data. The vulnerability, tracked as CVE-2024-0204, received a critical severity score of 9.8 out of 10 from the NIST National Vulnerability Database.
According to security researchers, the vulnerability allows remote attackers to bypass authentication by manipulating API requests to the GoAnywhere installation. Specifically, the API improperly handles session tokens, allowing an unauthenticated attacker to gain administrative access to the platform.
This vulnerability puts GoAnywhere customers at serious risk of data breaches, as an attacker could potentially gain access to login credentials, financial information, personal data, and other sensitive information stored and transferred via GoAnywhere. The vulnerability affects all supported versions of GoAnywhere before 7.2.4.
If your organisation uses the on-premise version of GoAnywhere MFT, it is crucial you upgrade to version 7.2.4 or later as soon as possible to patch this vulnerability. Versions 7.2.4, 8.0.0, 8.0.1 and 8.1.0 have addressed this vulnerability.
Even if you use the cloud version of GoAnywhere MFT, it is recommended you enable multi-factor authentication (MFA) if you have not already done so. MFA will provide an extra layer of protection in the event an attacker is able to bypass the standard authentication process.