politics

CrushFTP Zero-Day Exploited in Targeted Attacks: What You Need to Know

Read Insight

Apr 22, 2024 — 1 min read

CrushFTP Zero-DayVulnerability Exploited in Targeted Attacks

CrushFTP, a file transfer server software, has announced that a zero-day vulnerability affecting its FTP software could allow users to download system files. The company has released an advisory noting that the flaw has been patched in version 11.1.0. This vulnerability was discovered by Simon Garrelou from the Airbus CERT and according to Crowdstrike experts, it has been exploited in the wild in targeted attacks.

Crowdstrike Detects Attacks in the Wild

On April 19, 2024, CrushFTP advised on a virtual file system escape from their FTP software that could allow users to download system files. The company stated that versions prior to 11.1.0 were affected and that the vulnerability had been patched in 11.1.0. CrushFTP added that customers using a DMZ in front of their main CrushFTP instance are protected with its protocol translation system.

Crowdstrike has reported that they observed the exploit being used in the wild in a targeted fashion, adding that the vulnerability has yet to receive a CVE. These types of file transfer protocol vulnerabilities can potentially have serious consequences for enterprises and their customers. We can expect further details to emerge on the attacks observed in the wild as additional research is published on this vulnerability.

crushFTP 11.1.0

CrushFTP has released an update to mitigate this issue, and organizations are advised to update their software immediately to ensure they are protected against this vulnerability. Furthermore, to reduce the risk of exploitation, it's essential to have a comprehensive vulnerability management program in place to detect and address security flaws promptly. This zero-day discovery highlights the continued targeting of software vulnerabilities by threat actors and the swift action they take to exploit these flaws.

Background on CrushFTP

CrushFTP is a robust file transfer server software that supports various protocols, including FTP, SFTP, FTPS, HTTP, HTTPS, WebDAV, and WebDAV SSL. It offers users secure and efficient file transfer capabilities and provides extensive customization options suitable for businesses and organizations. It also supports automation and scripting, along with user management capabilities.

Apple TV+: Watch Apple Original Shows and Movies on Any Device

Apple TV+: Original Shows and Movies on Any Device Apple TV+ is a streaming service that offers exclusive Apple original TV shows and movies in 4K HDR quality. You can watch across all of your screens and pick up where you left off on any device. Apple TV+ costs $9.

The greatest Olympians of the 21st century

1. Michael Phelps, swimming: Record 28-time Olympic medalist, 23-time Olympic gold medalist, most gold medals at a single Olympics when he won eight at Beijing in 2008. 2. Simone Biles, gymnastics: Seven-time Olympic medalist (tied for most by American gymnast), four Olympic gold medals (2016, tied for most by female

Surge in Retail Interest Places BioTech Stocks in Focus

The recent surge in interest from retail and professional financial investors in the biotech sector has put several companies and their stocks in the spotlight. The emerging companies are exploring various therapies, including neurodegenerative diseases, cancer, and immunology-focused biopharmaceuticals. Here is a recap of the emerging biotech companies: Aptevo Therapeutics

The Family That Couldn't Sleep: A History of Prion Diseases

The book "The Family That Couldn't Sleep: A History of Prion Diseases" by D.T. Max published in 2006 provides a riveting account of the origins and progression of prion diseases, specifically focusing on theVenetian family afflicted by a mysterious insomnia-induced illness that eventually develops into