Security News > 2023 > October > Security researchers believe mass exploitation attempts against WS_FTP have begun
Security researchers have spotted what they believe to be a "Possible mass exploitation" of vulnerabilities in Progress Software's WS FTP Server.
Researchers at Rapid7 began noticing evidence of exploitation on 30 September across multiple instances of WS FTP. Progress released fixes for eight separate vulnerabilities in WS FTP on Wednesday, including one rated a maximum score of 10 on the CVSS severity scale.
After analyzing the exploit chain, researchers concluded that the process appeared to be uniform across all the incidents they were alerted to, which could potentially indicate a cyber crim is attempting a mass-scale exploitation attempt of vulnerable WS FTP instances.
Rapid7 stressed the importance of upgrading to the latest version of WS FTP as soon as possible, which comes with the required updates to address the security issues that affect a wide range of previous versions of the software.
The issues affecting WS FTP are the latest in what has been a challenging year for the software firm behind the product.
As a result of the mass exploitation of MOVEit Transfer, Progress is facing a swathe of lawsuits because of the attacks which are still ongoing months after they began in June.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/10/02/ws_ftp_update/
Related news
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers (source)
- Researchers find SQL injection to bypass airport TSA security checks (source)
- Security Researcher Sued for Disproving Government Statements (source)
- Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool (source)