BrianKrebs on Nostr: There is a newly discovered zero-day being used in the wild in yet another file ...
There is a newly discovered zero-day being used in the wild in yet another file transfer application -- in CrushFTP. It doesn't appear there is a CVE yet for this flaw.
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
Latest release that includes a patch is 11.1.0_3. Release notes:
https://crushftp.com/version11_build.html
Discussion on Reddit: https://old.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/?ref=news.risky.biz
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
Latest release that includes a patch is 11.1.0_3. Release notes:
https://crushftp.com/version11_build.html
Discussion on Reddit: https://old.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/?ref=news.risky.biz