Dear Cyber Leaders,
Does your business use the 3CX Desktop Application or GoAnywhere Managed-File-Transfer (MFT) software? If so, your devices and data could be vulnerable.
Fortra, the software developer company of GoAnywhere MFT, has identified a critical vulnerability. The company has issued an emergency patch (7.1.2) for the GoAnywhere vulnerability which allows attackers to transmit and process malicious code prior to authentication. Clop, a ransomware gang, claimed over one hundred victims exploiting this vulnerability. Therefore, it’s especially important that you update your software and devices immediately.
Meanwhile, Pierre Jourdan, the Chief Information Security Officer of 3CX, released a statement on April 1st urging customers to uninstall the desktop application on all devices and switch to their webpage services.
This news can seem stressful and confusing, however, the Cyber Readiness Institute (CRI) and its member organizations want to reassure you that you have the tools to secure your business from these and other vulnerabilities.
If you completed our Cyber Readiness Program and the downloadable Cyber Readiness Playbook, then you have an inventory of your critical business software and hardware, a schedule of your latest software updates, and an incident response plan to help you mitigate possible impacts. If you haven’t yet started our program or are developing your playbook, take immediate action to update your Fortra software and uninstall 3CX. This is the time to use these resources; you can access a template Playbook by logging into your account here.
CRI and our member organizations are committed to helping you protect your data, employees, vendors, and customers. If you have questions about accessing your Playbook, email us at info@cyberreadinessinstitute.org. You can learn more about the GoAnywhere vulnerability here and additional guidance on 3CX here.
Stay Cyber Ready,
Matias Casas
Director of Data and Infrastructure Design