Many organizations continue to be vulnerable to a zero-day flaw in Fortra's GoAnywhere Managed File Transfer system, tracked as CVE-2023-0669, despite widespread exploitation by the Clop ransomware gang since February, reports The Record, a news site by cybersecurity firm Recorded Future.
Although the number of exposed GoAnywhere admin panels has dropped 46% since a patch became available, such panels remained exposed on 179 hosts more than two months after the zero-day vulnerability's disclosure, and 30% of those hosts were still unpatched, a report from Censys revealed.
"A single vulnerable instance has the potential to serve as a gateway to a data breach that could potentially impact millions of individuals," said Censys security researcher Himaja Motheram.
Security firm At-Bay has also reported that ALPHV/BlackCat ransomware leveraged the vulnerability to compromise an unnamed U.S.-based firm in February.
"Executing a ransomware attack by targeting the GoAnywhere MFT vulnerability is extremely easy with the exfiltration of data near certain, and the fast delivery of the payload also guaranteed," said At-Bay.
Operations of California's Solano Partner Libraries and St. Helena, or SPLASH, continue to be interrupted weeks after the county's library network was targeted by a ransomware attack earlier this month, StateScoop reports.
Several rootkit-like capabilities could be obtained by threat actors through the exploitation of vulnerabilities in Windows' DOS-to-NT path conversion process, including file and process concealment and compromised prefetch file analysis, reports The Hacker News.
Open-source DevOps software project GitLab has also been impacted by the same security issue found in GitHub comments, which threat actors have exploited through Microsoft repository-linked URLs to distribute malware made to appear to originate from credible entities' official source code repositories, according to BleepingComputer.