
BleepingComputer reports that attackers began exploiting two critical SQL injection bugs in WhatsUp Gold, Progress Software’s network availability and performance monitoring tool, to achieve remote code execution just five hours after security researcher Sina Kheirkhah published proof-of-concept exploit code on Aug. 30. The flaws are tracked as CVE-2024-6670 and CVE-2024-6671.
After executing several PowerShell scripts through WhatsUp Gold’s Active Monitor PowerShell Script functionality, the threat actors used the Windows utility ‘msiexec.exe’ to install the Atera Agent, SimpleHelp Remote Access, Splashtop Remote, and Radmin remote access tools for persistence and further payload deployment, a Trend Micro analysis showed. Although no exact attribution has been made, ransomware operations are believed to have been involved in the intrusions because of the presence of several RATs. The development comes more than a month after the Shadowserver Foundation reported attacks targeting WhatsUp Gold instances vulnerable to the critical RCE bug tracked as CVE-2024-4885.
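
For defenders, the chain described above (a monitoring service running PowerShell, which then launches msiexec.exe to install a remote access tool) can be hunted for in process-creation telemetry. The following is an added example, not code from Trend Micro or BleepingComputer; the event tuples are constructed, `monitor_service.exe` is a placeholder process name, and matching tool names in the command line is an assumption rather than a published indicator.

```python
import ntpath

# Tools named in the article. Matching their names in a command line is an
# assumption of this example, not a published indicator.
RMM_KEYWORDS = ("atera", "simplehelp", "splashtop", "radmin")
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
SYS32 = "C:\\Windows\\System32\\"

# Constructed process-creation events (pid, parent pid, image, command line).
# "monitor_service.exe" is a placeholder, not the product's real process name.
SAMPLE_EVENTS = [
    (100, 4, "C:\\Program Files\\Example\\monitor_service.exe", "monitor_service.exe"),
    (200, 100, SYS32 + "WindowsPowerShell\\v1.0\\powershell.exe", "powershell.exe -File check.ps1"),
    (300, 200, SYS32 + "msiexec.exe", "msiexec.exe /i C:\\Temp\\AteraAgent.msi /qn"),
    (400, 50, "C:\\Windows\\explorer.exe", "explorer.exe"),
    (500, 400, SYS32 + "msiexec.exe", "msiexec.exe /i C:\\Users\\it\\Splashtop_setup.msi"),
    (600, 200, SYS32 + "msiexec.exe", "msiexec.exe /i C:\\Temp\\driver_update.msi /qn"),
]

def image_name(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()

def ancestors(pid, by_pid):
    """Image names of the parent chain, nearest parent first; stops on loops."""
    chain, seen = [], {pid}
    ppid = by_pid[pid][1]
    while ppid in by_pid and ppid not in seen:
        seen.add(ppid)
        chain.append(image_name(by_pid[ppid][2]))
        ppid = by_pid[ppid][1]
    return chain

def find_suspicious_installs(events):
    """msiexec.exe runs that name a remote access tool and descend from PowerShell."""
    by_pid = {e[0]: e for e in events}
    hits = []
    for pid, _ppid, image, cmd in events:
        if image_name(image) != "msiexec.exe":
            continue
        tools = [k for k in RMM_KEYWORDS if k in cmd.lower()]
        chain = ancestors(pid, by_pid)
        if tools and SCRIPT_HOSTS.intersection(chain):
            hits.append({"pid": pid, "tools": tools, "chain": chain})
    return hits

if __name__ == "__main__":
    for hit in find_suspicious_installs(SAMPLE_EVENTS):
        print(hit)
```

Only the install launched beneath PowerShell is flagged; the Splashtop install started from explorer.exe and the PowerShell-launched driver package are not. On real telemetry, key the parent lookup on a unique process identifier rather than the PID, since PIDs are reused.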