Bleeping Computer

Exploit for CrushFTP RCE chain released, patch now

Additional measures that can be implemented to enhance CrushFTP security further include: Using a limited privilege operating system service account for CrushFTP. Deploying Nginx or Apache as a ...
heise online

CrushFTP: New CVE entry and details of attacked vulnerability

Attacks on a vulnerability in the CrushFTP data transfer software have been known on the Internet since last week. The initial vulnerability description remained extremely superficial and only ...
heise online

CrushFTP: Older versions can grant unauthorized admin access

Anyone using CrushFTP for data transfer should check that the version they are using is up to date. Last Friday, the development team discovered attacks in the wild on older versions, which in the ...