Monday , December 9 2024

GoAnywhere Zero-Day Attack Hits Major Orgs

More organizations are emerging to confirm impact from the newly disclosed in-the-wild zero-day exploits hitting Fortra’s GoAnywhere managed file transfer (MFT) software.

Tracked as CVE-2023-0669, the vulnerability was publicly disclosed in early February alongside zero-day exploitation and a patch was released a week later.

Google’s released “Vanir” Open Sources Security Patch Validation Tool

Google has announced Vanir, an open-source tool for detecting and fixing security vulnerabilities, publicly available for developers. Vanir is a...
Read More
Google’s released “Vanir” Open Sources Security Patch Validation Tool

Hacker Claim 1tb, Deloitte denies, What Inside!

The spokesperson from Deloitte told two international media that, “No Deloitte systems have been impacted,”. The allegations relate to a...
Read More
Hacker Claim 1tb, Deloitte denies, What Inside!

New Windows zero-day: Exposes credentials, Gets unofficial patch

A newly found zero-day vulnerability lets attackers steal NTLM credentials by manipulating targets into opening a malicious file in Windows...
Read More
New Windows zero-day: Exposes credentials, Gets unofficial patch

Daily Security Update Dated: 07.12.2024

Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated: 07.12.2024

Patch urgently: Hundred of CISCO switches impacted

A bootloader vulnerability in Cisco NX-OS affects over 100 switches, enabling attackers to bypass image signature checks. Cisco issued security...
Read More
Patch urgently: Hundred of CISCO switches impacted

Multiple ICS Advisories Released by CISA

On December 5, 2024, CISA issued two advisories regarding Industrial Control Systems (ICS). These advisories highlight current security issues, vulnerabilities,...
Read More
Multiple ICS Advisories Released by CISA

New DroidBot malware to attack 77 banks and CES globally

DroidBot is a sophisticated Android Remote Access Trojan (RAT) that merges traditional hidden VNC and overlay functions with spyware-like features....
Read More
New DroidBot malware to attack 77 banks and CES globally

Deloitte faces alleged cyber incident, claimed over 1tb stolen

Brain Cipher, a ransomware group that emerged in June 2024, claims to have stolen 1TB of data from Deloitte UK,...
Read More
Deloitte faces alleged cyber incident, claimed over 1tb stolen

Singapore embraces AI data centres with smarter cooling systems

AI and GPU operations are crucial for modern data centers, but they generate significant energy consumption and heat. A new...
Read More
Singapore embraces AI data centres with smarter cooling systems

Daily Security Update Dated: 04.12.2024

Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated: 04.12.2024

Soon after, attacks targeting the security defect were linked to a Russian-speaking threat actor called ‘Silence’ that has been linked to the distribution of the Cl0p ransomware.

Over the past week, the ransomware group started posting on their Tor-based leak site the names of organizations allegedly impacted by the incident, including the City of Toronto, luxury brand retailer Saks Fifth Avenue, American education platform Pluralsight, consumer goods giant Procter & Gamble, mining company Rio Tinto, and the U.K.’s Pension Protection Fund (PPF).

Previously, sustainable energy giant Hitachi Energy, California-based digital bank Hatch Bank, cybersecurity firm Rubrik, and healthcare provider Community Health Systems confirmed impact from the GoAnywhere attack.

Responding to a SecurityWeek inquiry, the City of Toronto confirmed that some data was compromised in an incident at a third-party vendor, without specifically naming Fortra’s GoAnywhere service.

“The access is limited to files that were unable to be processed through the third-party secure file transfer system. The City is actively investigating the details of the identified files,” a City of Toronto official said.

Saks Fifth Avenue confirmed that some of its data was stolen following the GoAnywhere incident but claimed that no real customer data was impacted.

“Fortra, a vendor to Saks and many other companies, recently experienced a data security incident that led to mock customer data being taken from a storage location used by Saks. The mock customer data does not include real customer or payment card information and is solely used to simulate customer orders for testing purposes,” Saks told SecurityWeek.

Pluralsight says that it immediately discontinued the use of GoAnywhere after Fortra informed them of the incident, and that it also notified all affected customers of the risks associated with the attack.

In a statement on its website, PPF says that employee data was compromised in the GoAnywhere incident, and that it stopped using the service immediately after learning that.

P&G has confirmed that some employee data was stolen in the incident, but said the incident did not impact customer data, Social Security numbers or financial information.

Virgin confirmed not only the impact from the incident, but also that the Cl0p gang contacted them directly to claim possession of stolen data. “We were recently contacted by a ransomware group, calling themselves Cl0p, who illegally obtained some Virgin Red files via a cyber-attack on our supplier, GoAnywhere. The files in question pose no risk to customers or employees as they contain no personal data,” a Virgin Red spokesperson told SecurityWeek.

French digital transformation and hybrid cloud company Atos on Friday announced that the GoAnywhere incident impacted data associated with a specific Nimbix file transfer application.

“Our cybersecurity team has identified a backup folder from 2016 that was presumably exposed, due to a zero-day vulnerability known to be exploited by Cl0p. We are in contact with the clients concerned,” the company said.

According to Reuters, Rio Tinto informed employees last week that internal data, such as payroll information, was stolen in the GoAnywhere attack, and that the group responsible for the hack was threatening to release the data publicly. Rio Tinto did not respond to a SecurityWeek request for comment.

Check Also

Oracle

CIRT-in flags Critical Flaw in Oracle Agile PLM Framework

CERT-In has flagged a security vulnerability in Oracle’s Agile Product Lifecycle Management (PLM) software, identified …

Leave a Reply

Your email address will not be published. Required fields are marked *