Globalscape Breach

Data Breaches Not Inevitable with the Right Strategy - Globalscape

Researchers discovered that certain flaws could allow an attacker to execute code as the SYSTEM user, effectively gaining full control over the server.

Recent security research has uncovered several critical flaws in the Globalscape administration server:

Organizations can no longer assume ransomware is just about encryption. Modern ransomware groups (such as Conti or Ragnar Locker, which were active during that period) almost always steal data before encrypting it. This means that even if you have backups and refuse to pay the ransom, you still have a data breach on your hands requiring notification and remediation.

Globalscape took the following steps:

The investigation revealed that the attackers accessed files containing sensitive Personally Identifiable Information (PII). This data included:

Globalscape patched the issue in version 8.0.1.19, but many customers had or were running end-of-life versions.

| Factor | Explanation |
|--------|-------------|
| | MFT systems handle sensitive data in transit – exactly what attackers want. |
| Zero-day + ransomware | The attacker combined a novel exploit with destructive encryption, maximizing leverage. |
| Vendor self-compromise | Globalscape itself was running a vulnerable version of its own product – a common but ironic failure. |
| Delayed detection | The breach went unnoticed for 9 days because logging was disabled by the attacker early on. |
| Shared credentials | Globalscape support used the same admin accounts for internal and some customer-facing systems. |