Clop Ransomware Group Exploits GoAnywhere MFT Flaw

A ransomware gang known as Clop has been observed exploiting a pre-authentication command injection vulnerability (CVE-2023-0669) in Fortra’s file transfer solution GoAnywhere MFT.

According to a new advisory from CloudSEK security experts, the high-severity vulnerability has a CVSS 3.1 score of 7.2 and was exploited against multiple companies in the US and elsewhere.

The flaw stems from a deserialization bug that can be triggered by sending a POST request to the vulnerable endpoint. CloudSEK warned that a Metasploit module exploiting the vulnerability is also available.

“This CVE exploit was available the day before the patch (7.1.2) was released on February 7, 2023. Many vulnerable GoAnywhere admin panels were found indexed in Shodan [a search engine for Internet-connected devices], running on port 8000,” read the technical article.

The company revealed that only the GoAnywhere admin interface is vulnerable to the exploit used by the Clop ransomware group, not the web client interface that most people use.


An attacker could still search the internet for the web client interface and then look for the admin panel on the same IP address.

“Shodan search results show thousands of GoAnywhere web panels published on the web,” writes CloudSEK. “Of these thousands, about 94 are running on port 8000 or port 8001, and the admin panel is […] located. To run code remotely, simply make a POST request to the vulnerable endpoint.”

To mitigate the impact of this vulnerability, CloudSEK advised defenders to update to the latest GoAnywhere version and to stop exposing port 8000 (the port on which the GoAnywhere MFT admin panel is reachable from the internet).

Admin user accounts should also be reviewed for suspicious activity, such as unrecognized usernames, accounts created by an unknown “system” user, suspicious account creation timing, and accounts created by disabled or nonexistent super users.
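One way to turn those account checks into a repeatable audit, added here as an example and not code from CloudSEK or Fortra. The record layout (username / created_by / created_at), the approved-admin and super-user lists and the change window are assumptions, and the sample export is constructed.

```python
"""Audit exported GoAnywhere admin accounts for the indicators listed above.

Assumption: you export the admin-user list from the console and map each
row onto username / created_by / created_at (ISO 8601). Nothing here talks
to a live GoAnywhere instance.
"""
from datetime import datetime, time

# Constructed sample export, not from a real deployment.
SAMPLE_ACCOUNTS = [
    {"username": "jsmith", "created_by": "root", "created_at": "2022-11-02T10:15:00"},
    {"username": "svc_backup", "created_by": "system", "created_at": "2023-02-03T03:42:00"},
    {"username": "alice", "created_by": "retired_admin", "created_at": "2023-02-04T22:10:00"},
]
KNOWN_ADMINS = {"jsmith", "alice"}           # assumption: your approved admin list
ACTIVE_SUPERUSERS = {"root", "alice"}        # assumption: currently enabled super users
DISABLED_SUPERUSERS = {"retired_admin"}      # assumption: super users since disabled
BUSINESS_HOURS = (time(8, 0), time(18, 0))   # assumption: local change window


def audit_admin_accounts(accounts, known_admins=KNOWN_ADMINS,
                         active_superusers=ACTIVE_SUPERUSERS,
                         disabled_superusers=DISABLED_SUPERUSERS):
    """Return {username: [reasons]} for every account matching an indicator."""
    findings = {}
    for acct in accounts:
        reasons = []
        name, creator = acct["username"], acct["created_by"]
        created = datetime.fromisoformat(acct["created_at"])
        if name not in known_admins:
            reasons.append("unrecognized username")
        if creator == "system":
            reasons.append("created by unknown 'system' account")
        if not BUSINESS_HOURS[0] <= created.time() <= BUSINESS_HOURS[1]:
            reasons.append(f"created outside change window at {created.isoformat()}")
        if creator in disabled_superusers:
            reasons.append(f"created by disabled super user '{creator}'")
        elif creator != "system" and creator not in active_superusers:
            reasons.append(f"created by nonexistent super user '{creator}'")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for user, reasons in audit_admin_accounts(SAMPLE_ACCOUNTS).items():
        print(f"{user}: {'; '.join(reasons)}")
```

On the constructed sample, jsmith passes every check while svc_backup and alice are flagged; feed it a real export and tune the lists to your environment before acting on any finding.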

The CloudSEK advisory follows Microsoft’s report last October linking the Raspberry Robin worm actor to the Clop and LockBit ransomware groups.
