Urgent Update: Zero-Day Flaw in CrushFTP Software Exposes U.S. Entities to Cyber Attacks

April 20, 2024
Urgent Update: Zero-Day Flaw in CrushFTP Software Exposes U.S. Entities to Cyber Attacks
Tech
Tech
Cybersecurity
Cybersecurity

  • A severe zero-day vulnerability found in CrushFTP software enables unauthorized system file downloads.

  • Crowdstrike reported the vulnerability is being exploited in targeted attacks, primarily against U.S. entities, with potential political motives.

  • The vulnerability has been addressed in CrushFTP version 11.1.0, with users strongly recommended to update immediately.

  • No CVE has been assigned to the vulnerability at this time, increasing concerns about CrushFTP's security posture.

  • Users should monitor the vendor's website for updates and prioritize applying the patch to prevent exploitation.

Summary based on 2 sources

Get a daily email with more Tech stories

Sources

Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks

The Hacker News • Apr 20, 2024

Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks
Critical CrushFTP zero-day exploited in attacks in the wild

Security Affairs • Apr 20, 2024

Critical CrushFTP zero-day exploited in attacks in the wild

More Stories