ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
Thursday. Another week, another batch of things that probably should've been caught sooner but weren't
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Thursday. Another week, another batch of things that probably should've been caught sooner but weren't
Botnet Looks for Vulnerable Internal Network MachinesDelivering more proof that the Log4Shell vulnerability is endemic, Akamai researchers detected botnet malware updated to use the flaw as an infection vector. Log4Shell burst into public awareness in late 2021 when security researchers identified a flaw in the ubiquitous Apache Log4J 2 Java library.
Fortiguard Labs identified multiple threat actors leveraging CVE-2023-46604
The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that's capable of remotely commandeering the infected hosts
Oracle and Apache holes also on Uncle Sam's list of big bad abused bugs The US government's Cybersecurity and Infrastructure Security Agency (CISA) is adding three more flaws to its list of known-exploited vulnerabilities, including one involving TP-Link routers that is being targeted by the operators of the notorious Mirai botnet.…
Latest iteration exploits Apache vulnerabilities
The Zerobot botnet has been upgraded to infect new devices by exploiting security vulnerabilities affecting Internet-exposed and unpatched Apache servers. [...]