CrushFTP Vulnerability Exploited in Wild to Execute Remote Code | allinfosecnews.com

May 8, 2024, 12:39 p.m. | Divya

GBHackers On Security gbhackers.com

A critical vulnerability in CrushFTP, identified as CVE-2024-4040, has been actively exploited in the wild. It allows attackers to perform unauthenticated remote code execution on vulnerable servers. This severe security flaw affects versions of CrushFTP before 10.7.1 and 11.1.0, enabling attackers to bypass the Virtual File System (VFS) sandbox, gain administrative privileges, and potentially access […]

The post CrushFTP Vulnerability Exploited in Wild to Execute Remote Code appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News …

actively exploited attackers bypass code code execution critical critical vulnerability crushftp cve cve-2024 cve-2024-4040 cyber security execute remote code exploited file file system flaw in the wild remote code remote code execution sandbox security security flaw servers system unauthenticated virtual virtual file system vulnerability vulnerability exploited vulnerable

More from gbhackers.com / GBHackers On Security

Sticky Werewolf Weaponizing LNK Files Group Attacking To Attack Organizations 1 day, 10 hours ago | gbhackers.com

act archive attachments attack +30

GoldPickaxe iOS Malware Harvests Facial Recognition Data & Bank Accounts 1 day, 10 hours ago | gbhackers.com

accounts android android malware app +25

Muhstik Malware Attacking Apache RocketMQ To Execute Remote Code 2 days, 12 hours ago | gbhackers.com

access apache apache rocketmq aqua +31

Hacktivist Groups Attacking Industrial Control Systems To Disrupt Services 2 days, 13 hours ago | gbhackers.com

attacks can control control systems +33

North Korean Kimsuky Attacking Arms Manufacturer In Europe 2 days, 13 hours ago | gbhackers.com

arms attack attack vector campaign +19

SPECTR Malware Attacking Defense Forces of Ukraine With a batch script 2 days, 14 hours ago | gbhackers.com

batch campaign center cert +22

300+ Times Downloaded Package from PyPI Contains Wiper Components 2 days, 17 hours ago | gbhackers.com

components cyber security cyber-security-course downloader +16

Tenable Acquires Eureka Security To Provide Data Security Across Infrastructure 2 days, 18 hours ago | gbhackers.com

acquisition agreement bolster capabilities +23

Microsoft Details On Using KQL To Hunt For MFA Manipulations 2 days, 19 hours ago | gbhackers.com

accounts attributes audit logs authentication +30

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel

View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States

View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States

View on infosec-jobs.com