Tag: CVE-2017-1000353
Last week, a malware campaign targeting Jenkins automation servers was reported by CheckPoint researchers.[1] The attackers exploited a deserialization vulnerability[2] in Jenkins' bidirectional channel (CVE-2017-1000353)[3] to deploy Monero cryptomining malware that generated an estimated profit of $3 million. Following this disclosure, F5 researchers observed what appears to be the same threat actor group, as they…
Threat actors continue to find creative yet relatively unsophisticated ways to launch new campaigns to reap profits from crypto-mining operations.
Oracle WebLogic WLS Security Component RCE (CVE-2019-2725)
On April 21, 2019, information regarding a deserialization vulnerability in Oracle WebLogic Server was published by KnownSec 404 Team. According to the CVE, the vulnerability exists in the Web Services subcomponent of Oracle WebLogic. Similar to the previous Oracle WebLogic vulnerability discussed above, this new vulnerability also stems…