Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks

Users of the enterprise file transfer software CrushFTP are being advised to update to the most recent version after a security flaw was found to be exploited in the wild.

In an alert published on Friday, CrushFTP stated that “users can escape their VFS and download system files with CrushFTP v11 versions below 11.1,” adding, “This has been patched in v11.1.0.”

That said, users who run their CrushFTP instances in a restricted environment within a demilitarized zone (DMZ) are shielded from the attacks.

Simon Garrelou of Airbus CERT has been credited with finding and reporting the vulnerability. It has not yet been assigned a CVE.

It is believed that U.S. organizations have been the primary target of these attacks, and that the intelligence collection activity may have been politically motivated.
