Sunday, December 5, 2010

Week 1 CIS608 - ProFTPD File Transfer Server Hacked

ProFTPD file transfer server software was compromised by attackers; anyone who downloaded it from Nov. 28 through Dec. 2 is most likely at risk.

This is a very disturbing article in that the hackers were able to enter the system through an unpatched security hole in the FTP server daemon. They then replaced the file transfer software with their own version, which contained a backdoor. This could potentially allow access to thousands of FTP servers running the software, if a copy had been downloaded and compiled during the window of November 28th through December 2nd.

Once the breach was identified, the software was corrected and a link was provided for users to check the integrity of their software. I would also guess that notification went out to all users directing them to the website due to the potential for security issues that this created. This is rare, and I am sure a very difficult breach to relay to users.



http://www.darkreading.com/authentication/167901072/security/application-security/228500217/open-source-project-server-hacked-software-rigged-with-backdoor-trojan.html 
