<blockquote>Note: This article is based on documentation from Bleeping Computer. Source: <a href="https://www.bleepingcomputer.com/news/security/goanywhere-mft-zero-day-vulnerability-lets-hackers-breach-servers/">https://www.bleepingcomputer.com/news/security/goanywhere-mft-zero-day-vulnerability-lets-hackers-breach-servers/</a></blockquote>
<h2><strong>What is GoAnwhere MFT Zero-Day Exploit?</strong></h2>
<p>GoAnywhere MFT is a secure web file transfer solution that allows companies to transfer encrypted files with their partners while keeping detailed audit logs of who accessed the files.</p>
<p>A Zero-Day Remote Code Injection exploit was identified in GoAnywhere MFT, according to Bleeping Computer.</p>
<h2><strong>ThreatLocker Mitigation: </strong></h2>
<ul>
<li>Firstly, <strong><ins>DO NOT</ins></strong> permit the application through our <strong>Allowlisting</strong> solution.</li>
<ul>
<li>If you must permit it, use <strong>Ringfencing</strong> to protect/restrict file access.</li>
</ul>
<li>Use <strong>Network Access Controls</strong> to block all unknown ports.</li>
<ul>
<li>This will mitigate the threat as it is a SAAS product and requires the exposing of a port 8000+ to work.</li>
</ul>
</ul>


Note: This article is based on documentation from Bleeping Computer. Source: https://www.bleepingcomputer.com/news/security/goanywhere-mft-zero-day-vulnerability-lets-hackers-breach-servers/
What is GoAnwhere MFT Zero-Day Exploit?
GoAnywhere MFT is a secure web file transfer solution that allows companies to transfer encrypted files with their partners while keeping detailed audit logs of who accessed the files.
A Zero-Day Remote Code Injection exploit was identified in GoAnywhere MFT, according to Bleeping Computer.
ThreatLocker Mitigation: 
Firstly, DO NOT permit the application through our Allowlisting solution.
If you must permit it, use Ringfencing to protect/restrict file access.
Use Network Access Controls to block all unknown ports.
This will mitigate the threat as it is a SAAS product and requires the exposing of a port 8000+ to work.

ThreatLocker Mitigation and GoAnywhereMFT Zero-Day Exploit

Preventing the Exploitation of 3CX 

Preventing the Exploitation of CVE-2023-23397

Microsoft Peer-to-Peer Updates

ThreatLocker Endpoint Security Quality Guarantee

Eaglesoft and ThreatLocker Computers Not Checking In

Preventing the Exploitation of CVE-2022-30190 (Follina)

Applying Policies to Users or Active Directory Groups

Blocking and Permitting USB Drives

Changes to Adobe 6/8/2021 

Computer failing to update

Create a Computer Group that does not learn

Creating a New Administrator

Default Computer Group Policies

Deploying Policies

Diagnosing an Application with an issue

Email Parsing Rules in ConnectWise Manage

Event Log Error Key

Excluded Processes

Getting your Unique Identifier from ThreatLocker

Hermetic Wiper: ThreatLocker Recommended Policy

Log4J Vulnerability

Managing Application Definitions

Managing Application Policies

Merging Application Definitions

Notifications for Requests

Permitting All Signed Files in a Directory

Permitting Blocked Files

Permitting Software from the Approval Center

Permitting Software From the Computers Page

Preventing BCDEdit From Being Weaponized

Preventing Bitlocker from being Weaponized

Response to Reports of Webroot Compromised File

Restarting the ThreatLocker Agent

Setting the ThreatLocker Agent Update Channel 

Setting Up SMS Alerts for ThreatLocker Requests

Setting up the Active Directory Sync Service

ThreatLocker Application Control Agent Data Collection

ThreatLocker Override Codes

ThreatLocker Popup is not happening when something is blocked

ThreatLocker Portal Performance 

ThreatLocker Stub Installer

Trusting an Application by a Certificate

Uninstalling the ThreatLocker Agent

Updating the ThreatLocker Version on a Single Computer

Updating ThreatLocker to the Latest Version

User Permissions 

Using Learning Mode to Track Installed Files from an RMM or Software Deployment Tool

Using the Console App to Verify the ThreatLocker MAC Agent is Running

Using the ThreatLocker Unified Audit

Using ThreatLocker to Mitigate CVE-2021-40444

Why is an application that matches a built-in application being blocked?

Windows 11 Upgrade and ThreatLocker 

ThreatLocker Security and Privacy

Trial Expiry

The ThreatLocker Testing Environment

Allowing ThreatLockerService to Retrieve your AD Groups

Customer Deal Registration

Preventing the Exploitation of CVE-2023-2033

Rubber Ducky Data Exfiltration | Google Bucket

Preventing the Exploitation of MOVEit Vulnerability (CVE-2023-34362)

Changes to Elevation in ThreatLocker Version 8.2

Browser Extensions Affecting the ThreatLocker Testing Environment

Retrieving Your Computer ID

ThreatLocker Agent Tray

Protecting Fileservers While Allowing Remote Machines to Access Shared Files



Browser Extensions Affecting ThreatLocker Portal Performance

How to Use .NET Regex Within ThreatLocker

SSL Inspection

Windows Built-Ins

ThreatLocker Health Center and Health Report

Portal 2.0.1 Maintenance Mode Permission Changes

Guide to the TLProxyTester Application

Configuring Defender Virus & Protection Settings using Configuration Manager

General

Search our Knowledge Base