8 matches found
PT-2025-15232
Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.3.0 Description Langflow is susceptible to unauthenticated remote code execution due to missing authentication in the HTTP Request Handler. A remote attacker can send crafted HTTP requests to the...
ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers
The threat actors behind ShellBot are leveraging IP addresses transformed into their hexadecimal notation to infiltrate poorly managed Linux SSH servers and deploy the DDoS malware. "The overall flow remains the same, but the download URL used by the threat actor to install ShellBot has changed...
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers
Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of a malware called ShellBot. "ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server," AhnLa...
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers as well as its usage of XOR-based...
VMware Releases Patches for New Vulnerabilities Affecting Multiple Products
VMware has issued patches to contain two security flaws impacting Workspace ONE Access, Identity Manager, and vRealize Automation that could be exploited to backdoor enterprise networks. The first of the two flaws, tracked as CVE-2022-22972 CVSS score: 9.8, concerns an authentication bypass that...
Cisco Talos Honeypot Analysis Reveals Rise in Attacks on Elasticsearch Clusters
Christopher Evans of Cisco Talos conducted the research for this post. Executive Summary Cisco Talos warns users that they need to keep a close eye on unsecured Elasticsearch clusters. We have recently observed a spike in attacks from multiple threat actors targeting these clusters. These attacke...
Vesta control panel servers infected with DDoS malware after supply chain attack
By Waqas An open-source hosting panel software provider, Vesta Control Panel VestaCP, has admitted that the company became a victim of a supply chain attack. In an announcement made by VestaCP on its forum, it was revealed that the hacker managed to contaminate the source code of its project with...
Nitol Botnet Shares Code with Other China-Based DDoS Malware
Microsoft has learned that much of the code used by the Nitol malware family is copied from free malware resources hosted on Chinese websites. Microsoft posted portions of the code online this week where similar lines used for denial of service attack functionality are present in Nitol and on the...