What is a pre-authentication command injection vulnerability? (Cybersecurity/IT)


I’m reading about a [large breach](https://vulnera.com/newswire/brightline-data-breach-affects-over-780k-pediatric-mental-health-patients/) of Protected Health Information (PHI) that affected over 780,000 patients. From the article:

> The breach occurred after a ransomware gang exploited a zero-day vulnerability ([CVE-2023-0669](https://nvd.nist.gov/vuln/detail/CVE-2023-0669)) in the company’s Fortra GoAnywhere MFT secure file-sharing platform.

The description of the problem comes from NIST’s National Vulnerability Database (2nd link):

> Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

My understanding of a zero-day vulnerability is that it means there’s a publicly known weakness that hasn’t been fixed yet, but I haven’t found simplified explanations of how the hackers got the data.

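The NVD sentence is terse, so here is an added, constructed Python illustration of what "pre-authentication" plus "deserializing an arbitrary attacker-controlled object" means, with a hardened handler beside the vulnerable one. It is not GoAnywhere's code (which is Java, using its own serialization format); the handler names, the session-token check and the license dictionary are all assumptions, and the "attacker-chosen object" only writes to a list rather than running a command.

```python
import io
import pickle

# Constructed toy "license response" endpoint (not GoAnywhere code): a
# pre-auth deserialization bug runs the payload's hooks before any login check.
SIDE_EFFECT_LOG = []

def record_side_effect(message):  # stands in for the injected "command"
    SIDE_EFFECT_LOG.append(message)

class AttackerChosenObject:
    # __reduce__ runs while unpickling; a real gadget would run an OS command.
    def __reduce__(self):
        return (record_side_effect, ("ran during deserialization",))

def vulnerable_license_handler(body, session_token):
    # Bug: body is deserialized BEFORE authentication, so the payload's hook
    # executes even though the unauthenticated caller is rejected afterwards.
    obj = pickle.loads(body)
    if session_token != "valid-session":
        return {"status": 401}
    return {"status": 200, "license": obj}

class PrimitivesOnlyUnpickler(pickle.Unpickler):
    # Refuse every class/function reference (analogue of a Java
    # ObjectInputFilter allowlist); dicts, lists, strings and numbers still load.
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing to load {module}.{name}")

def hardened_license_handler(body, session_token):
    if session_token != "valid-session":  # Fix 1: authenticate first
        return {"status": 401}
    try:  # Fix 2: deserialize through a filter that cannot build objects
        obj = PrimitivesOnlyUnpickler(io.BytesIO(body)).load()
    except pickle.UnpicklingError:
        return {"status": 400}
    if not isinstance(obj, dict):
        return {"status": 400}
    return {"status": 200, "license": obj}

def run_demo():
    """Send the same hostile body to both handlers; report what each let run."""
    SIDE_EFFECT_LOG.clear()
    hostile = pickle.dumps(AttackerChosenObject())
    benign = pickle.dumps({"license_key": "CONSTRUCTED-KEY"})
    vuln_status = vulnerable_license_handler(hostile, None)["status"]
    hooks_before_auth = len(SIDE_EFFECT_LOG)
    hardened_hostile = hardened_license_handler(hostile, "valid-session")["status"]
    hardened_benign = hardened_license_handler(benign, "valid-session")["status"]
    return {"vulnerable_unauth_status": vuln_status,
            "hooks_ran_before_auth": hooks_before_auth,
            "hardened_hostile_status": hardened_hostile,
            "hooks_ran_total": len(SIDE_EFFECT_LOG),
            "hardened_benign_status": hardened_benign}
```

The vulnerable handler returns 401 to the unauthenticated caller, yet the hook has already run once by then; the hardened handler never reaches the deserializer without a session, and even with one it rejects the object-bearing body while still accepting the plain dictionary.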

8 Answers

Anonymous 0 Comments

Sounds like they just searched for servers running the old unpatched version. This one was patched almost immediately by Fortra on 6 Feb, but that still requires updating. If I was looking to hack medical data, I would look for stuff like this and then probe for servers still running the old version.
