Progress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities (CVE-2023-40044, CVE-2023-42657) in WS_FTP Server, another popular secure file transfer solution. Proof-of-concept code for CVE-2023-40044 has been available since Friday, and Rapid7 researchers have observed multiple instances of WS_FTP exploitation in the wild, with two different attack chains. The exploited vulnerability (CVE-2023-40044) and the update CVE-2023-40044 is a .NET deserialization vulnerability that could allow an unauthenticated threat actor … More
The post Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044) appeared first on Help Net Security.