檔案伺服器軟體CrushFTP存在零時差漏洞,攻擊者可逃脫虛擬檔案系統下載伺服器的系統檔案
· 2024-04-23
檔案伺服器軟體CrushFTP開發團隊近日針對用戶提出警告,有人利用零時差漏洞CVE-2024-4040從事攻擊行動,呼籲用戶儘速套用新版程式來進行修補
CrushFTP
4月19日檔案伺服器系統CrushFTP發布資安公告,指出他們發布10.7.1、11.1.0新版本程式,修補已遭利用的零時差漏洞CVE-2024-4040,呼籲用戶應儘速部署新版程式因應。
該公司指出,一旦攻擊者利用上述漏洞,就有機會逃脫使用者的虛擬檔案系統(Virtual File System,VFS),從而存取、下載伺服器的系統檔案,CVSS風險評分為7.7。
雖然開發團隊並未透過攻擊細節,但資安業者CrowdStrike指出,這項漏洞被用於針對性攻擊,對方鎖定美國企業組織的CrushFTP伺服器下手,研究人員根據取得的證據,認為駭客很可能基於政治目標收集情報。
Popular articles
HUIDU Invites You to Booth T70 at iGB L!VE 2026 — Let’s Ignite London This July!
HUIDU Focus
GAT Expo Puerto Rico Will Pulse with the New Era of Gaming in the Caribbean
Marketing
Super PAC Raises $48 Million: Sports Betting Forces Ramp Up Political Push
Regulation
Gaming & Technology Expo Makes a Powerful Entrance in CDMX
Marketing
Vietnam's tightening online gaming policy creates new market opportunities
Southeast Asia
B2B Tech Infrastructure Gains Momentum in Philippine Gaming Sector
Southeast Asia
GGC Awards 2026 Shines in Colombo: Honoring Leaders and Innovators in the iGaming Industry
HUIDU Focus
Are you ready to maximize your earnings? Try ProPush.me Constructor!
Marketing
Across 6 Cities: HUIDU Invites You to 8 World Cup Parties Redefining High-Value Social Networking
HUIDU Focus
Institutional Academy that exceeded expectations marked the opening of GAT CDMX
Online Game
1spin4win grows its Latin American presence by partnering with Fortuna Juegos
Online Game
Vietnam’s Controlled Gaming Shift Gains Ground, But Domestic Demand Still Lags
Southeast Asia
SBC Summit Canada to Make Player Safety a Key Pillar of 2026 Agenda
Marketing
New Jersey July Gambling Revenue Hits $606M, Sweeps Casinos Banned
Regulation
Kazakhstan plans to penalise online casino promotions
Regulation
