"GoAnywhere MFT Zero-Day Vulnerability Lets Hackers Breach Servers"

Customers of the GoAnywhere MFT file transfer solution are being warned of a zero-day Remote Code Execution (RCE) vulnerability on exposed administrator consoles. GoAnywhere is a secure web file transfer system that enables organizations to transfer encrypted data to their partners securely while maintaining detailed audit logs of file access. The GoAnywhere security advisory was made public by the reporter Brian Krebs, who posted a copy on Mastodon. A customer who received the message revealed that this affects both on-premise and Software-as-a-Service (SaaS) deployments of GoAnywhere. According to the security advisory, the exploit requires access to the administrative console, which ordinarily should not be exposed to the Internet. This article continues to discuss the potential exploitation and impact of the GoAnywhere MFT zero-day RCE vulnerability.

Bleeping Computer reports "GoAnywhere MFT Zero-Day Vulnerability Lets Hackers Breach Servers"