f5cms

 

Key points

Just days after the ThinkPHP vulnerability was discovered, it is already being used on the Internet.

Nearly 46,000 servers, most located in China, are potential targets to exploit this.

Multiple threat actors launched multiple campaigns at the same time, which may show infectious potential.

Campaigns range from checking and uploading back doors to using a variety of Mirai IoT malware.

F5 researchers have recently seen a number of new initiatives that reduce exposure to ThinkPHP, a popular PHP framework in China. Within days of its discovery, multiple threats had already taken advantage of the vulnerability. With this vulnerability, we can see a similar pattern to what we saw in other RCE vulnerabilities, such as Apache Struts 2 - CVE-2017-5638 mentioned last year, where hackers - are heading to rush to take advantage of the time it takes to Get organizations hooked and profit from them. me. New ThinkPHP awareness campaigns are launched every other day. In our experience, although used sparingly, these ventures can last for more than a year.

f5 cms

Remote code deployment vulnerability

On December 9, ThinkPHP released a security update stating that a vulnerability had recently been captured.1 According to ThinkPHP (translated from Chinese), “Because the framework does not find the administrator's name enough, it could generate potential vulnerabilities without the capacity of the emergency route. After examining the code of the vulnerability, it is clear that this vulnerability stems from an unverified input, which allows an attacker to trigger an app.invokefunction action to perform the actions he wants to execute on the affected system. This vulnerability affects versions 5.0 and 5.1 and has been fixed in versions 5.0.23 and 5.1.31.

Comments

Post a Comment

Popular posts from this blog

what are wifi firewalls?

Adding a Wi-Fi firewall to your network wifi firewalls Deploying a Wi-Fi firewall involves installing a central server in your NOC and positioning remote sensors throughout the offices ("air space") to be monitored. Sensor network planning is essential to avoid coverage holes in locations like stairwells where intruders might lurk unobserved. Most appliances use overlay networks of dedicated sensors. Some can also use regular APs that watch for rogues in their spare time. Dedicated sensors have better observation and prevention capabilities, but require more up-front investment to purchase, mount, power, and cable. Sensors that support Power over Ethernet and/or daisy-chaining can reduce that cost. Communication between remote sensors and the central server usually requires modest bandwidth, but a large remote office with limited WAN access may deserve its own server.
Read more

what is desktop support career path?

Desktop support techs are the mechanics of the IT world. People come to you with a problem. They're frustrated. They don't know what happened, or whether it was their fault. They just know something doesn't work that should, and they need you to help. It's your job to figure it out and make it work. Whether it's a PC, Mac, Android, or printer. desktop support career path Google is a good friend to any desktop support tech, but it's not prescient. The search output is only as valuable as the question you ask it. Garbage in, garbage out. You need to know how the parts of a computer interact and how the computer interacts with the network to even start looking for the solution to a problem. That's exactly what CBT Nuggets trainer Anthony Sequeira teaches in this Intro to IT course. After you watch these videos, you'll have a basic understanding of hardware, software, and how to become an "IT mechanic".
Read more

what is a managed router?

managed router If you have a home network, you need the best firewalls for home users. You might think about why to use one if you already have the best antivirus program set up. This is true, but without a firewall, you still leave the backdoor open for people to enter your network. Whether you are using your computer at home or in a business, you can become the victim of a hack attack when using the internet. By using a firewall for home protection, you can reduce the risk of remote access by a Trojan or a hacker trying to find a security hole in the system.
Read more