The developers behind the GoAnywhere managed file transfer (MFT) software have released a patch for a critical zero-day vulnerability. The flaw was identified recently and warnings of active exploitation emerged roughly a week ago. The company behind the software has not released any details about the attacks targeting the vulnerability. Security firm Fortra alerted GoAnywhere MFT users on February 1, releasing a security notification about the vulnerability.
Fortra has released two other security notifications since then, each of which provide advice for users on how to mitigate the security risks as well as indicators of compromise. GoAnywhere users have been encouraged to install the patch immediately to avoid the risk of exploitation. GoAnywhere stated that customers running an admin portal exposed to the Internet are particularly at risk of exploitation.
Read More: Patch Released for Actively Exploited GoAnywhere MFT Zero-Day