Daniel_Kavan
Advisor

Go Anywhere MFT

Has anyone tried to use Check Point's SSH Deep Packet Inspection (checkpoint.com) over Go Anywhere MFT (https://www.goanywhere.com/)?

For one thing, GoAnywhere uses port 8022.

I see one other post in the community on Go Anywhere MFT but it's in Japanese.
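Whether SSH inspection has anything to work with on TCP 8022 depends first on the GoAnywhere listener there actually speaking SSH (SFTP). As an added example, not from this thread or from Check Point or Fortra, the following parses the RFC 4253 identification line a server sends on connect, so the service on 8022 can be confirmed and its software string logged; the sample banner and the `ExampleSFTP_1.0` string are constructed, not a real product banner.

```python
"""Parse the SSH identification string (RFC 4253 section 4.2) a server sends
on connect, to confirm that a non-standard port such as 8022 really carries SSH.
"""
import re
import socket
from typing import Optional

# RFC 4253 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
_ID_LINE = re.compile(
    r"^SSH-(?P<proto>[0-9.]+)-(?P<software>[^ \r\n]+)(?: (?P<comments>[^\r\n]*))?$"
)


def parse_ssh_banner(data: bytes) -> Optional[dict]:
    """Return protoversion, softwareversion and comments of the first SSH
    identification line in `data`, or None if no valid line is present.

    Servers may send other CRLF-terminated lines (a greeting, for example)
    before the identification line; those must not begin with "SSH-" and are
    skipped. The identification line is limited to 255 bytes including CRLF.
    """
    for raw in data.split(b"\r\n"):
        if not raw.startswith(b"SSH-"):
            continue  # pre-banner line, permitted by the RFC, ignored here
        if len(raw) + 2 > 255:
            return None  # over the RFC length limit: not a compliant banner
        m = _ID_LINE.match(raw.decode("ascii", errors="replace"))
        if not m:
            return None
        return {
            "protoversion": m.group("proto"),
            "softwareversion": m.group("software"),
            "comments": m.group("comments") or "",
            # 1.99 is the compatibility value an SSH-2 server may advertise
            "ssh2": m.group("proto") in ("2.0", "1.99"),
        }
    return None


def grab_banner(host: str, port: int = 8022, timeout: float = 5.0) -> bytes:
    """Read the first bytes a server sends on connect, without sending anything."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(512)


# Constructed sample of what an SFTP listener on 8022 might send, with a greeting line.
SAMPLE_BANNER = b"Welcome to the file transfer gateway\r\nSSH-2.0-ExampleSFTP_1.0 constructed\r\n"

if __name__ == "__main__":
    print(parse_ssh_banner(SAMPLE_BANNER))
```

Run `parse_ssh_banner(grab_banner("mft.example.internal"))` against your own host to see whether 8022 answers with an SSH banner at all; if it returns None, no SSH-aware inspection will classify that stream as SSH.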

3 Replies
the_rock
Legend

I found the link in Japanese and hit translate to English in Google Chrome, and this is what it gave 🙂

Andy

https://research.checkpoint.com/2023/27th-march-threat-intelligence-report/

**************************

Weekly Cybersecurity Threat Report (March 27, 2023 edition): "This week also reports of zero-day damage to GoAnywhere MFT, malicious package detected on PyPI, etc."

This is an abridged version of the Check Point Research Team's Weekly Cybersecurity Threat Report for March 27, 2023.

For the original English version, please see here.

This week's top cyber attacks and security breaches

  • A new victim of the Clop ransomware gang has been exposed, leveraging a zero-day security flaw (CVE-2023-0669) in the Fortra GoAnywhere Managed File Transfer system for attack purposes. Among them are American luxury brand retailer Saks Fifth Avenue and the City of Toronto.

Check Point's IPS, Threat Emulation, and Harmony Endpoint provide protection against this threat [GoAnywhere MFT Insecure Deserialization (CVE-2023-0669); Ransomware.Win.Clop; Ransomware_Linux_Clop_A; Ransomware_Linux_Clop_B].

  • The city of Oak Ridge, Tennessee experienced network issues that appeared to be a ransomware attack affecting its technology systems. No ransomware group has yet claimed responsibility.

  • Italian luxury sports car manufacturer Ferrari has announced a data breach following an extortion attack on its IT systems. The leaked data consists of personal information of the company's customers, including their full names, addresses, email addresses, and phone numbers.

  • Bitcoin ATM manufacturer General Bytes has confirmed a breach that resulted in the theft of $1.6 million in cryptocurrency owned by the company and its customers. Threat actors exploited a zero-day vulnerability (CVE-2023-28725) in the company's BATM management platform, the service interface used by Bitcoin ATMs to upload videos, by uploading a JavaScript script that ran with BATM user privileges.

  • Australian consumer lender Latitude Financial Services has confirmed a major data breach. The leaked data consists of records of 14 million customers, including driver's license numbers, passport numbers, and financial statements. The data leaked includes driver license numbers for 7.9 million customers in Australia and New Zealand.

  • Early access cyber attacks belonging to the Chinese state-backed cyber espionage group APT41 have been confirmed to target the telecommunications sector in the Middle East. Threat actors infiltrate Internet-facing Microsoft Exchange servers to perform command execution, reconnaissance, credential theft, lateral movement, and data exfiltration activities.

Check Point's Threat Emulation provides protection against this threat [ATP.Wins.ATP41].

About vulnerabilities and patches

  • Cyber researchers share their findings on 55 zero-day vulnerabilities exploited in 2022. It notes that Chinese state-backed cyber espionage groups have exploited more zero-days than any other cyber espionage actor. Four vulnerabilities were exploited by financially motivated threat actors, and 75% of them were related to ransomware.

  • Google has identified 18 zero-day vulnerabilities in Exynos modems. Four of them (CVE-2023-24033, CVE-2023-26496, CVE-2023-26497, CVE-2023-26498) allow threat actors to remotely compromise smartphone devices using only the victim's phone number.

  • Cisco has discovered two vulnerabilities in WellinTech's industrial control system data manager KingHistorian. The first vulnerability is an information disclosure vulnerability (CVE-2022-45124) that could allow an attacker to steal a user's personal information such as name and password. The second flaw (CVE-2022-43663) could allow an attacker to cause a buffer overflow by sending malicious packets to a target machine.

Cyber threat intelligence report

  • Check Point Research has detected malicious packages in the Python package index, PyPI, that use phishing techniques to hide their malicious intent. This malicious package secretly downloads and executes obfuscated code as part of its installation process, posing a supply chain risk.

Check Point's CloudGuard Spectral provides protection against this threat.

  • Cyber researchers have discovered a new variant of the FakeGPT Chrome extension named "ChatGPT-For-Google" based on an open source project. This affects thousands of victims every day. This variant uses malicious sponsored Google search results under the guise of ChatGPT integration for browsers to steal Facebook session cookies and compromise accounts.

  • Cyber researchers are sharing the tools, techniques, and procedures (TTPs) of North Korean state-sponsored cyber espionage group APT37 (also known as ScarCruft). This threat actor primarily targets individuals in South Korean organizations through spear-phishing emails. APT37 also distributes Chinotto PowerShell-based backdoors using various attack vectors.

Check Point's Harmony Endpoint provides protection against this threat [APT.Win.APT37].

  • A new Android botnet, Nexus, has been observed in a global fraud campaign. Nexus is similar to the SOVA Android banking Trojan and primarily works to steal accounts from banking portals and cryptocurrency services. The malware is advertised on underground forums and Telegram as Malware-as-a-Service (MaaS).

*****************************

_Val_
Admin

Wow, @the_rock, what a work.

Or you could just post the link https://research.checkpoint.com/2023/27th-march-threat-intelligence-report/ to the original report.

the_rock
Legend

Ah, I did not really do anything :). All I did was hit translate in Google Chrome on the original post in Japanese, and then copy/paste whatever it gave in English, that's it.

Best,

Andy
