GoAnywhere MFT Zero-Day Exploit Proof-of-Concept Released

Any users of GoAnywhere MFT should assume compromise, remove public-facing internet access to the tool, and rotate the master encryption key and any passwords used for access. The security bulletin released by the developer includes a stack trace that administrators can look for in the logs to determine whether the exploit was used against the system. Additionally, administrators should deploy the security patch as soon as change management allows. Companies should endeavor to always place systems that must be accessed from outside the company behind a VPN to mitigate the impact of a zero-day such as this one; when this is not possible, administrators can implement access controls to limit access to specific addresses.

https://www.bleepingcomputer.com/news/security/exploit-released-for-actively-exploited-goanywhere-mft-zero-day/