July 4, 2024 By Bill Toulas
Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software.
Threat researchers at security company AhnLab believe that the threat actors are exploiting CVE-2024-23692, a critical-severity security issue that allows executing arbitrary commands without the need to authenticate.
The vulnerability affects versions of the software up to and including 2.3m. In a message on their website, Rejetto warns users that versions 2.3m through 2.4 are "dangerous and should not be used anymore" because of a bug that lets attackers "control your computer," and a fix has yet to be found.
Source: ASEC
