14 matches found
PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks
Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service DDoS botnets. The vulnerability in question is CVE-2024-4577 CVSS score: 9.8, which allows an attacker to...
Muhstik Botnet Exploits Apache RocketMQ Flaw in Latest Operations
...
Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks
Muhstik botnet exploits a critical Apache RocketMQ flaw CVE-2023-33246 for remote code execution, targeting Linux servers and IoT devices for DDoS attacks and cryptocurrency mining. Infection involves executing a shell script from a remote IP, downloading the Muhstik malware binary "pty3", and...
Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers
A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was...
Muhstik botnet adds another vulnerability exploit to its arsenal
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Muhstik malware has begun attacking Redis Servers by exploiting a recently reported vulnerability, CVE-2022-0543. This flaw can be found in several Redis Debian packages. The attack began on March 11, 2022, and was carried out...
Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability
Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system. The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data...
CVE-2022-0543
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution. Recent assessments: NinjaOperator at March 25, 2022 8:04pm UTC reported: Muhstik Gang has been seen exploiting...
New Muhstik Botnet Attacks Target Tomato Routers
A new variant of the Muhstik botnet has appeared, this time with scanner technology that for the first time can brute-force web authentication to attack routers using Tomato open-source firmware, researchers have found. Researchers at Palo Alto Networks’ Unit 42 discovered the new variant...
Oracle WebLogic Exploit-fest Continues with GandCrab Ransomware, XMRig
Malicious activity exploiting the recently disclosed Oracle WebLogic critical deserialization vulnerability CVE-2019-2725 is surging. Even though there’s a patch, tens of thousands of vulnerable machines represent an irresistible target for hackers, according to Unit 42 researchers at Palo Alto...
Muhstik Botnet Variant Targets Just-Patched Oracle WebLogic Flaw
UPDATE A variant of the Muhstik botnet has been uncovered in the wild, exploiting a recently-disclosed, dangerous vulnerability in Oracle WebLogic servers. The newfound samples of Muhstik are targeting the recently-patched CVE-2019-2725 in WebLogic servers, and then launching...
Drupalgeddon 2.0 Still Haunting 115K+ Sites
More than 115,000 sites are still vulnerable to a highly critical Drupal bug – even though a patch was released three months ago. When it was first revealed, the bug, which has been dubbed Drupalgeddon 2.0, impacted an estimated 1+ million sites running Drupal – including major U.S. educational...
5 Powerful Botnets Found Exploiting Unpatched GPON Router Flaws
Well, that did not take long. Within just 10 days of the disclosure of two critical vulnerabilities in GPON router at least 5 botnet families have been found exploiting the flaws to build an army of million devices. Security researchers from Chinese-based cybersecurity firm Qihoo 360 Netlab have...
5 Powerful Botnets Found Exploiting Unpatched GPON Router Flaws
Well, that did not take long. Within just 10 days of the disclosure of two critical vulnerabilities in GPON router at least 5 botnet families have been found exploiting the flaws to build an army of million devices. Security researchers from Chinese-based cybersecurity firm Qihoo 360 Netlab have...
Muhstik Botnet Exploits Highly Critical Drupal Bug
Researchers are warning a recently discovered and highly critical vulnerability found in Drupal’s CMS platform is now being actively exploited by hackers who are using it to install cryptocurrency miners and to launch DDoS attacks via compromised systems. At the time of the disclosure, last month...