Malware and Cryptominers Distributed Via HFS Servers
Hackers are actively targeting older versions of Rejetto's HTTP File Server (HFS) to distribute malware and cryptocurrency mining software. According to threat researchers at AhnLab, the attackers are exploiting CVE-2024-23692, a critical security vulnerability that allows them to execute arbitrary commands without authentication. The vulnerability affects all versions of the software up to and including 2.3m. Rejetto has cautioned users on its website that versions 2.3m to 2.4 are unsafe because of a bug that lets attackers take control of users' computers. A fix for this issue has not yet been identified.