The Accellion hack has claimed another victim, this time a financial firm that boasts it’s the second-largest savings bank in the United States.

Michigan-based Flagstar Bank recently began notifying affected customers that on Jan. 22, Accellion, an IT provider, relayed that a vulnerability in its file sharing platform had affected Flagstar. The software flaw has led to breaches at firms around the world, with hackers exploiting the Accellion vulnerability to victimize grocery chain Kroger, cybersecurity company Qualys, the Reserve Bank of New Zealand, the state of Washington, prominent law firm Jones Day (which counts former President Donald Trump among its clients) and perhaps others.

“Unfortunately, we have learned that the unauthorized party was able to access some of Flagstar’s information on the Accellion platform and that we are one of numerous Accellion clients who were impacted,” Flagstar said in a notice on its website.

The Clop ransomware gang, alternately known as Cl0p, also has begun posting what it claims are the Social Security numbers and home addresses of Flagstar employees on a dark web leak site designed to extort the bank into paying up.

Information about the issue was slowly disseminated throughout the industry via external reports. It was first brought to light by security expert Brian Krebs, who copied Fortra’s advisory to a Mastodon instance. Using details from the advisory, proof of concept exploit code was developed and later circulated a day before Fortra could issue a patch for the vulnerability on 7 February. Researchers from CloudSEK said at the time there were “thousands” of GoAnywhere admin panels that were vulnerable according to a Shodan scan indexing them running on port 8000.

GoAnywhere data breach: Zero-day vulnerability details

The exploited vulnerability in GoAnywhere MFT, tracked as CVE-2023-0669, is a remote code execution (RCE) flaw - one of the most severe and damaging types of security weakness. Attackers can abuse these vulnerabilities to run code, execute malware, steal data, and more - all without needing physical access to the targeted systems. The vulnerability is a deserialisation bug which is exploited by sending a POST request to the endpoint at ‘/goanywhere/lic/accept’, CloudSEK says. There is also a module already in the Metasploit hacking tool allowing for much easier exploitation.

The vulnerability can only be exploited through a compromised admin console, Fortra says, but its web client interface itself isn’t exploitable - just the admin interface. In most cases, such access can only be achieved from within a company, remotely via a company virtual private network (VPN), or by allow-listed IP addresses. Fortra advised any of its customers to work with its customer service team if they believe their consoles were exposed to the public internet.

GoAnywhere customers were also advised to audit all admin users within the organisation and check for unrecognised usernames. Rapid7 suggested this piece of advice could signal that Fortra had noticed follow-on activity from real-world exploits that could have seen attackers creating new admin users to maintain persistence on targeted machines. The other mitigation measure in Fortra’s advisory instructed users to remove a servlet and servlet-mapping configuration on the file system where GoAnywhere MFT is installed. Full details can be found in Krebs’ post.

GoAnywhere data breach: What organisations have been affected?

Cyber security firm Rubrik was among the first to reveal it had been breached via exploitation of the GoAnywhere vulnerability. It did not comment on whether ransomware was involved in the incident. Cl0p published a score of data belonging to the company on its dark web blog which appeared to include details of partner and customer business names, contact information, and purchase orders - an observation later confirmed in a public disclosure.

Hitachi Energy was another to confirm it was one of the circa 130 victims from Cl0p’s attacks. It said in a public advisory that the attack “could have resulted in unauthorised access to employee data in some countries”.