There is a newly discovered zero-day being used in the wild in yet another file transfer application -- in CrushFTP. It doesn't appear there is a CVE yet for this flaw.
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
Latest release that includes a patch is 11.1.0_3. Release notes:
https://crushftp.com/version11_build.html
Discussion on Reddit: https://old.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/?ref=news.risky.biz
BrianKrebs /
npub1vc…0axsh
2024-04-22 12:32:27
Author Public Key
npub1vc39pnjdqd77zzdxff4qyv8h3x0ey2mkx33c3vl8egr0a9ysxkxsk0axshPublished at
2024-04-22 12:32:27Event JSON
{
"id": "22a29d9a10ae9f197bd21ea4d97ad4dfe643b32de33647f7bc39641210ef0ecb",
"pubkey": "662250ce4d037de109a64a6a0230f7899f922b76346388b3e7ca06fe9490358d",
"created_at": 1713789147,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/briankrebs/statuses/112314885594799279",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/briankrebs/statuses/112314885594799279",
"pink.momostr"
]
],
"content": "There is a newly discovered zero-day being used in the wild in yet another file transfer application -- in CrushFTP. It doesn't appear there is a CVE yet for this flaw. \n\nhttps://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update\n\nLatest release that includes a patch is 11.1.0_3. Release notes: \n\nhttps://crushftp.com/version11_build.html\n\nDiscussion on Reddit: https://old.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/?ref=news.risky.biz",
"sig": "46420462ad971cc64048440f62e1f85e21ae43b11f488240f0f7a8bad836dd2839263f45b6d42a4dd63d5d22ea00819c80e2b5aecc45fb6da735f2671415bd72"
}