Lucene search

122 matches found

CISA
added 2023/09/06 12:0 p.m., 10 views

CISA Releases Update to Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to a previously published Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. The CSA—originally released to warn network defenders of critical infrastructure organizations...

9.8 CVSS, 10 AI score, 0.99445 EPSS
In wild, Exploits 16, References 4
ICS
added 2023/07/20 12:0 p.m., 377 views

Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

SUMMARY. Update September 6, 2023: This Cybersecurity Advisory has been updated with new tactics, techniques, and procedures (TTPs) as well as indicators of compromise (IOCs) received from an additional victim and trusted third parties. Update End. The Cybersecurity and Infrastructure Security Agency...

9.8 CVSS, 9 AI score, 0.99445 EPSS
Exploits 16, References 137
Malwarebytes
added 2023/07/11 2:0 a.m., 30 views

"TootRoot" Mastodon vulnerabilities fixed: Admins, patch now!

One of Twitter's big rivals, Mastodon, recently finished fixing four issues which in the worst case allowed for the creation of files on the instance's server. Mastodon, whose main selling point is lots of separate communities living on different servers yet still able to communicate, was notified ...

6.5 CVSS, 7.9 AI score, 0.37264 EPSS
Exploits 0
hivepro
added 2023/02/03 1:50 p.m., 21 views

Cyberattack on Medical and Energy Sector by Lazarus Group

Threat Level: Attack Report. Summary: A cyber-attack conducted by North Korean state-sponsored Lazarus Group targeted public and private sector research organizations, the medical research and energy sector as well as their supply chain for...

1.3 AI score
Exploits 0
Wordfence Blog
added 2023/01/12 7:5 p.m., 28 views

Holiday Attack Spikes Target Ancient Vulnerabilities and Hidden Webshells

Winter brings a number of holidays in a short period of time, and many organizations shut down or run a skeleton crew for a week or more at the end of the year and beginning of the new year. This makes it easier for would-be attackers to find success as systems are not as closely monitored. This...

0.4 AI score
Exploits 0
Wordfence Blog
added 2022/12/20 4:25 p.m., 10 views

How Much is Your Hacked Site Worth?

The Wordfence Threat Intelligence team has recently concluded an investigation of online marketplaces, colloquially known as “shops” by threat actors, selling access to compromised services. While contemporary threat actors primarily coordinate and conduct business through Telegram channels,...

1.2 AI score
Exploits 0
CNVD
added 2022/11/24 12:0 a.m., 68 views

File Upload Vulnerability in Yisetong Electronic Document Security Management System (CNVD-2022-91374)

Electronic Document Security Management System (abbreviation: CDG) is an electronic document security protection software, which uses drive layer transparent encryption technology to prevent internal staff from leaking secrets and external personnel from illegally stealing core important data asset...

3.2 AI score
Exploits 0
Talos Blog
added 2022/09/30 9:16 p.m., 289 views

Threat Advisory: Microsoft warns of actively exploited vulnerabilities in Exchange Server

Cisco Talos has released new coverage to detect and prevent the exploitation of two recently disclosed vulnerabilities collectively referred to as "ProxyNotShell," affecting Microsoft Exchange Servers 2013, 2016 and 2019. One of these vulnerabilities could allow an attacker to execute remote code...

0.1 AI score, 0.99964 EPSS
Exploits 16
Krebs on Security
added 2022/09/30 4:51 p.m., 140 views

Microsoft: Two New 0-Day Flaws in Exchange Server

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime...

9.1 AI score, 0.99964 EPSS
Exploits 16
GithubExploit
added 2022/09/25 3:9 p.m., 206 views

Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite

Active Exploitation of Zimbra CVE-2022-37042 RCE Unauthent...

9.8 CVSS, 8.6 AI score, 0.98163 EPSS
Exploits 16
CNVD
added 2022/07/07 12:0 a.m., 313 views

Apache Commons remote code execution vulnerability

Apache Commons is a project of the Apache Software Foundation. Apache Commons is vulnerable to a remote code execution vulnerability that could be exploited by attackers to execute malicious code via injection attacks, write webshells to websites, and take control of entire websites or even serve...

9.8 CVSS, 6.3 AI score, 0.34819 EPSS
Exploits 3, References 1
CNNVD
added 2022/07/06 12:0 a.m., 4 views

Apache Commons Configuration Code Injection Vulnerability

Apache Commons is a project of the Apache Software Foundation. Apache Commons is vulnerable to a remote code execution vulnerability that could be exploited by attackers to execute malicious code via injection attacks, write webshells to websites, and take control of entire websites or even serve...

9.8 CVSS, 9.2 AI score, 0.34819 EPSS
Exploits 3, References 18
ThreatPost
added 2022/05/10 12:35 p.m., 156 views

Hackers Actively Exploit F5 BIG-IP Bug

Threat actors have started exploiting a critical bug in the application service provider F5’s BIG-IP modules after a working exploit of the vulnerability was publicly made available. The critical vulnerability, tracked as CVE-2020-1388, allows unauthenticated attackers to launch “arbitrary system...

9.8 CVSS, 9.7 AI score, 0.99956 EPSS
Exploits 63, References 15
CNVD
added 2022/04/07 12:0 a.m., 19 views

Ecommerce-Website File Upload Vulnerability

Ecommerce-Website is a complete e-commerce website with an administration panel built using PHP and MySql. v1.1.0 of Ecommerce-Website is vulnerable to a file upload vulnerability, which stems from a lack of file upload restrictions in public/admin/index.php?addproduct. The vulnerability is caused...

8.8 CVSS, 2.4 AI score, 0.01681 EPSS
Exploits 1, References 1
Kitploit
added 2022/02/10 8:30 p.m., 28 views

Php-Malware-Finder - Detect Potentially Malicious PHP Files

PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malware/webshells. The following list of encoders/obfuscators/webshells are also detected: Bantam, Best PHP Obfuscator, Carbylamine, Cipher Design, Cyklodev, Joes Web Tools...

7.3 AI score
Exploits 0, References 13
ThreatPost
added 2021/12/14 5:21 p.m., 18 views

How to Buy Precious Patching Time as Log4j Exploits Fly

Sure, Apache got a patch out fast when the Log4j logging library vulnerability – aka Javageddon or “up there with Shellshock” – exploded last week. But emergency patches take days best-case scenario or weeks to install: plenty of time for attackers to do their worst. Which they lickety-split did,...

6.8 AI score
Exploits 0, References 15
ThreatPost
added 2021/12/14 1:21 p.m., 25 views

‘Seedworm’ Attackers Target Telcos in Asia, Middle East

Attackers targeting telcos across the Middle East and Asia for the past six months are linked to Iranian state-sponsored hackers, according to researchers. The cyberespionage campaigns leverage a potent cocktail of spear phishing, known malware and legitimate network utilities that are leveraged ...

7.8 AI score
Exploits 0, References 7
ICS
added 2021/12/06 12:0 p.m., 65 views

APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus

Summary: This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint advisory is the result of analytic efforts...

9.8 CVSS, 9.6 AI score, 0.93514 EPSS
Exploits 6, References 37
ICS
added 2021/11/22 12:0 p.m., 50 views

APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus

Summary: This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is the result of analytic efforts between the...

9.8 CVSS, 9.8 AI score, 0.9896 EPSS
Exploits 8, References 39
Rapid7 Blog
added 2021/11/09 4:59 p.m., 158 views

Opportunistic Exploitation of Zoho ManageEngine and Sitecore CVEs

Over the weekend of November 6, 2021, Rapid7’s Incident Response (IR) and Managed Detection and Response (MDR) teams began seeing opportunistic exploitation of two unrelated CVEs: CVE-2021-40539, a REST API authentication bypass in Zoho’s ManageEngine ADSelfService Plus product that Rapid7 has...

10 CVSS, 9.8 AI score, 0.99214 EPSS
Exploits 12