CVE-2024-0204 in GoAnywhere MFT is a Ticking Time Bomb
Image source: Shutterstock More than 96% of GoAnywhere MFT assets that security vendor Tenable observed on Jan 23 were vulnerable. Mass attacks could soon begin against a critical authentication bypass flaw in Fortra’s GoAnywhere Managed File Transfer (MFT) technology following the release of a proof-of-concept exploit for it this week. Fortra informed customers privately about […]
Read More
Exploit Available for Docker Versions of ownCloud Affected by Recent Max. Severity Bug
Image credit: Shutterstock More than 4,000 ownCloud instances remain exposed to attack via CVE-2023-49103; CISA adds vuln to KEV catalog. Attack surface management vendor Onyphe has discovered a total of 4,129 Internet-connected instances of ownCloud that are exposed to attack via the recently disclosed unauthenticated disclosure vulnerability (CVE-2023-49103) in the open-source file sharing and synchronization […]
Read More
Researchers Report Attacks Targeting Max Severity Bug in Progress Software’s WS_FTP
Image source: Shutterstock The in-the-wild exploit activity could be a harbinger of things to come. As happened with a zero-day bug in Progress Software’s MOVEit file transfer software earlier this year, attackers have already started targeting a maximum severity vulnerability and other flaws the company disclosed last week in its WS_FTP Server file transfer technology. […]
Read More
Multiple APTs Exploiting Zimbra Vulnerability CVE-2022-41352
Patch or mitigate now [300 words] What: Organizations using Zimbra Collaboration suite (ZCS) 8.8.15 and 9.0 should immediately update to Zimbra 9.0.0 P27 released on October 10. Those that cannot should implement Zimbra’s recommended workaround which is to install the pax utility and restart Zimbra services. Ubuntu-based Zimbra installations are not impacted because pax is […]
Read More