I’ll be honest – the last time someone asked me to assess my behavior was in therapy. Difficult? Yes. Who likes to audit themselves? But that process taught me something valuable: evaluating ourselves, even when uncomfortable, propels us forward. In my many conversations with security professionals, one common theme emerges. We need continuous progress forward as security organizations for the business.

An authentication bypass vulnerability, tracked as CVE-2024-0204, was discovered in Fortra's GoAnywhere MFT versions prior to 7.4.1 and allows an unauthorized user to create an admin user via the administration portal. This vulnerability has a CVSS score of 9.8 with a high potential for exploitation, which we expect to see in the short term due to a proof of concept (PoC) being available. Fortra informed customers on December 4, 2023, of the flaw via an internal forum post.

Atlassian recently disclosed a new critical vulnerability in its Confluence Server and Data Center product line, the CVE has a CVSS score of 10, and allows an unauthenticated attacker to gain Remote Code Execution (RCE) access on the vulnerable server. There is no workaround, the only solution being to upgrade to the latest patched versions.

On January 10th, 2024, Volexity reported that there is active exploitation in the wild against Ivanti Connect Secure (ICS) VPN devices. Ivanti and Volexity worked together to review impacted devices, and Volexity identified two different zero days, which have been assigned the following CVEs IDs.

Bug bounty hunting is a process where security researchers or hackers actively search for and identify security vulnerabilities or "bugs" in web applications, IoT devices, mobile applications, or even smart contracts. These vulnerabilities can range from relatively simple issues like cross-site scripting (XSS) or SQL injection to more complex and critical weaknesses that could potentially compromise the security and privacy of users' data.

The JFrog Security research team has recently discovered two security vulnerabilities in X.Org libX11, the widely popular graphics library – CVE-2023-43786 and CVE-2023-43787 (with a high NVD severity CVSS 7.8). These vulnerabilities cause a denial-of-service and remote code execution. X11’s latest versions contain fixes for these vulnerabilities.

Recent ransomware attacks on European organizations have attracted significant attention, primarily due to the involvement of threat actors with Russian connections or origins. Of particular concern is the latest attack on an IT service provider, which has had a profound impact on Swedish companies, government agencies, and municipalities.

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news, and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team.

When a security incident happens, it’s one thing to reactively fix the issue, sweep it under the rug, and move on. It’s a whole other to respond to the situation with a proactive, forward-facing response — not only solving the existing issues but preparing the entire organization for the future. DISH Network did just that, responding to a significant security incident with new, shift-left initiatives that made their security and development teams stronger than ever.

CVE-2024-0204, a critical authentication bypass exploit in Fortra's GoAnywhere Managed File Transfer (MFT) software, allows unauthorized users to create admin users and bypass authentication requirements. GoAnywhere MFT was previously targeted by the Clop ransomware group with CVE-2023-0669. Fortra released a security advisory for CVE-2024-0204 in January 2024 following their December 2023 patch release. Any use of Fortra GoAnywhere MFT versions predating 7.4.1 are affected by the vulnerability.