29 Sep 2023

MOVEit maker announces new critical vulnerability affecting a different file transfer tool


Progress Software — the company behind the widely exploited MOVEit file transfer tool — said this week that one of their other products, WS_FTP Server, has several vulnerabilities that need to be patched immediately.

Thousands of IT teams depend on WS_FTP Server for “the unique business-grade features required to assure reliable and secure transfer of critical data,” according to the company.

CVE-2023-40044 was discovered by two security experts from AssetNote, CTO Shubham Shah and engineering lead Sean Yeoh, and would allow a hacker to execute commands on a victim system.

Dustin Childs – head of threat awareness at Trend Micro’s Zero Day Initiative – told Recorded Future News this summer that defenders should be on the lookout for file transfer software attacks because they are in the “very soft middle” of organizations’ networks.

“Attackers – especially the ransomware crews – are gonna start looking at those [file transfer zero days] because people are getting a little smarter with not clicking on stuff and not responding to the scam emails,” he said.

Source: Therecord