Tag: CVE-2017-10271
Conclusion Continuing the trend from January, threat actors in February delivered crypto-miners and Mirai variants. Most of the vulnerabilities exploited in February are not new, however, they are known vulnerabilities in popular applications and systems. In these cases, a threat actor is not looking for a specific target, but instead tries to exploit as many…
Read MoreAs we can see in Figure 8, the developers for SG Optimizer added a permission_callback command to the newly registered REST API routes. This indicates that prior to version 5.0.13, the SG Optimizer plugin had various privilege escalation vulnerabilities. Those vulnerabilities allowed any threat actor to send a malicious request to these registered REST API…
Read MoreOracle WebLogic WLS Security Component RCE (CVE-2019-2725) On April 21, 2019, information regarding a deserialization vulnerability in Oracle WebLogic Server was published by KnownSec 404 Team. According to the CVE, the vulnerability exists in the Web Services subcomponent of Oracle WebLogic. Similar to the previous Oracle WebLogic vulnerability discussed above, this new vulnerability also stems…
Read MoreSecurity researchers at F5 Networks constantly monitor web traffic at various locations throughout the world. This allows us to detect “in the wild” malware, and to get an insight into the current threat landscape. Here’s an overview of what we saw in May 2019. Throughout the month of May, the team detected 10 new attack…
Read MoreCryptominers are frequently included in recent attack campaigns; if you would like to learn more about cryptominers, please check out some of our previous monthly attack campaign wrap-ups. Conclusion Campaigns aimed at mining cryptocurrency and targeting Oracle WebLogic continue to rise in popularity. This has been fueled in part by the zero-day vulnerability found in…
Read MoreConclusion Campaigns aimed at mining cryptocurrency and targeting Oracle WebLogic are clearly on the rise, and F5 researchers anticipate this trend to continue. This has been fueled partly by the zero-day vulnerability (CVE-2019-2725)found in April 2019. Oracle WebLogic is used widely by large corporations, and the servers are resource-intensive. This attracts threat actors looking to…
Read MoreFurther analysis on this sample was not conducted. F5 Labs has reported extensively on the Mirai botnet, IoT landscape, and some of its variants. For a detailed breakdown on current Mirai botnets seen in the threat landscape, the Hunt for IoT Research Series publishes current threat data. Conclusion All of the vulnerabilities targeted this month…
Read MoreThe script uses random function and variable names to avoid detection by antivirus engines. It also contains another Base64-encoded payload. The threat actor uses .Net APIs to call the Windows API. For example, the script uses the .NET API to find address of VirtualAlloc function exported by kernel32.dll. It then marshals the shellcode by using…
Read MoreThis view is also notable since it is the first time we’re seeing any of these newly added, high-profile CVEs show up. Second row, far right is CVE-2014-6271, an OS command injection vulnerability more commonly known as Shellshock/Bashdoor. Shellshock shows more targeting variability from month to month than most CVEs (not including CVE-2020-11625, which has…
Read MoreIntroduction Welcome to the February 2024 installment of the Sensor Intelligence Series, our monthly summary of vulnerability intelligence based on distributed passive sensor data. This month’s attack data is, at least in the most seen attacks, much like recent months. We continued to tweak our approach to threat hunting this month and managed to find…
Read More