Active Attacks Detected Using Apache Struts Vulnerability CVE-2018-11776

in security •  6 years ago 

Just so everyone is aware: there is a new, actively exploited vulnerability in Apache Struts. Everyone is advised to upgrade Struts to the latest version to stop the attacks. Default Struts configurations aren't affected, but if you've modified your Struts configuration you could be at risk. Curiously enough, compromised Struts servers are being infected with a coin miner.

Attackers infecting servers with coinminers
After analyzing some of these exploitation attempts, Volexity researchers say they were able to pinpoint the exact nature of these attacks. The company says the group behind these scans is using CVE-2018-11776 to break into Struts apps and contaminate the underlying server with a version of the CNRig cryptocurrency miner downloaded from a BitBucket repository.

Right now, the attacks are small in scale compared to other threat actors scanning for other vulnerabilities. "Wide-scale indiscriminate exploitation has still not yet been observed," Greynoise said earlier today.

The reason, as Palo Alto Networks researchers have pointed out, is that Struts apps in their default configs are not vulnerable to CVE-2018-11776, meaning fewer servers are likely to be vulnerable; hence, the effort is not worth it for many crooks.

So if you're an admin or developer using the software, please update before you get pwn3d.
