Go Anywhere MFT

Daniel_Kavan — Thu, 14 Mar 2024 17:46:05 GMT

Has anyone tried to use Check Point's deep packet inspection SSH Deep Packet Inspection (checkpoint.com) over Go Anywhere MFT https://www.goanywhere.com/?

For one thing, goanywhere uses port 8022.

I see one other post in the community on Go Anywhere MFT but it's in Japanese.

Re: Go Anywhere MFT

the_rock — Thu, 14 Mar 2024 18:16:27 GMT

I found the link in Japanese and hit translate to English in google Chrome and this is what it gave 🙂

Andy

https://research.checkpoint.com/2023/27th-march-threat-intelligence-report/

**************************

This is an abridged version of the Check Point Research Team's Weekly Cybersecurity Threat Report for March 27 , 2023 .

For the original English version, please see here .

This week's TOP Cyber attacks and security breaches

A new victim of the Clop ransomware gang has been exposed, leveraging a zero-day security flaw ( CVE-2023-0669 ) in the Fortra GoAnywhere Managed File Transfer system for attack purposes. Among them are American luxury brand retailer Saks Fifth Avenue and the City of Toronto .

Check Point 's IPS , Threat Emulation , and Harmony Endpoint provide protection against this threat [GoAnywhere MFT Insecure Deserialization (CVE-2023-0669); Ransomware.Win.Clop; Ransomware_Linux_Clop_A; Ransomware_Linux_Clop_B] .

The city of Oak Ridge, Tennessee experienced network issues that appeared to be a ransomware attack affecting its technology systems . No ransomware group has yet claimed responsibility.
Italian luxury sports car manufacturer Ferrari has announced a data breach following an extortion attack on its IT systems . The leaked data consists of personal information of the company's customers, including their full names, addresses, email addresses, and phone numbers.
Bitcoin ATM manufacturer General Bytes has confirmed a breach that resulted in the theft of $ 1.6 million in cryptocurrency owned by the company and its customers . Threat actors exploited a zero-day vulnerability ( CVE-2023-28725 ) in the company's BATM management platform, the service interface used by Bitcoin ATMs to upload videos, by uploading a JavaScript script to run with BATM user privileges. I was able to do.
Australian consumer lender Latitude Financial Services has confirmed a major data breach . The leaked data consists of records of 14 million customers, including driver's license numbers, passport numbers, and financial statements. The data leaked includes driver license numbers for 7.9 million customers in Australia and New Zealand.
Early access cyber attacks belonging to the Chinese state-backed cyber espionage group APT41 have been confirmed to target the telecommunications sector in the Middle East . Threat actors infiltrate Internet-facing Microsoft Exchange servers to perform command execution, reconnaissance, credential theft, lateral movement, and data exfiltration activities.

Check Point 's Threat Emulation provides protection against this threat [ATP.Wins.ATP41] .

About vulnerabilities and patches

Cyber researchers share their findings on 55 zero-day vulnerabilities exploited in 2022 . It notes that Chinese state-backed cyber espionage groups have exploited more zero-days than any other cyber espionage actor. Four vulnerabilities were exploited by financially motivated threat actors, and 75% of them were related to ransomware.
Google has identified 18 zero -day vulnerabilities in Exynos modems . Four of them ( CVE-2023-24033 , CVE-2023-26496 , CVE-2023-26497 , CVE-2023-26498 ) allow threat actors to remotely compromise smartphone devices using only the victim's phone number. can.
Cisco has discovered two vulnerabilities in WellinTech 's industrial control system data manager KingHistorian . The first vulnerability is an information disclosure vulnerability ( CVE-2022-45124 ) that could allow an attacker to steal a user's personal information such as name and password. The second flaw ( CVE-2022-43663 ) could allow an attacker to cause a buffer overflow by sending malicious packets to a target machine.

Cyber threat intelligence report

Check Point Research has detected malicious packages in the Python package index , PyPI , that use phishing techniques to hide their malicious intent. This malicious package secretly downloads and executes obfuscated code as part of its installation process, posing a supply chain risk.

Check Point 's CloudGuard Spectral provides protection against this threat .
Cyber researchers have discovered a new variant of the FakeGPT Chrome extension named “ChatGPT-For-Google” based on an open source project. This affects thousands of victims every day. This variant uses malicious sponsored Google search results under the guise of ChatGPT integration for browsers to steal Facebook session cookies and compromise accounts.
Cyber researchers are sharing the tools, techniques, and procedures ( TTPs ) of North Korean state-sponsored cyber espionage group APT37 (also known as ScarCruft ). This threat actor primarily targets individuals in South Korean organizations through spear-phishing emails. APT37 also distributes Chinotto PowerShell- based backdoors using various attack vectors .

Check Point 's Harmony Endpoint provides protection against this threat [APT.Win.APT37] .

A new Android botnet , Nexus , has been observed in a global fraud campaign. Nexus is similar to the SOVA Android banking Trojan and primarily works to steal accounts from banking portals and cryptocurrency services. The malware is advertised on underground forums and Telegram as Malware-as-a-Service ( MaaS ).

*****************************

Re: Go Anywhere MFT

_Val_ — Fri, 15 Mar 2024 08:08:18 GMT

Wow, @the_rock what a work.

Or you could just post the link https://research.checkpoint.com/2023/27th-march-threat-intelligence-report/ to the original report.

Re: Go Anywhere MFT

the_rock — Fri, 15 Mar 2024 11:25:49 GMT

Ah, did not really do anything :). All I did was just hit translate from google Chrome on original post in Japanese, and then copy/paste whatever it gave in English, thats it.

Best,

Andy

topic Re: Go Anywhere MFT in Firewall and Security Management

Go Anywhere MFT

Re: Go Anywhere MFT

Re: Go Anywhere MFT

Re: Go Anywhere MFT