Globalscape Breach 【500+ PLUS】

Globalscape took the following steps:

The investigation revealed that the attackers accessed files containing sensitive Personal Identifiable Information (PII). This data included: globalscape breach

The Globalscape breach accelerated several trends: bypassing login controls entirely.

An out-of-bounds memory read vulnerability allowed attackers to bypass authentication or crash the service entirely. globalscape breach

Older versions were found to have password leak risks due to default settings that did not follow security best practices. Context: The Rise of MFT Attacks

The breach was enabled by a in Globalscape EFT versions prior to 8.0.1.19. The flaw resided in the HTTP administration interface (port 8000/tcp by default). An unauthenticated remote attacker could send a specially crafted request to the admin endpoint, bypassing login controls entirely.