
Researchers uncover botnet targeting decade-old CMS vulnerability

posted on October 22, 2020
by l33tdawg
Beta News
Credit: Beta News

The results of a six-month investigation into a botnet that targets a vulnerability in content management systems have been released today by Imperva Research Labs.

The botnet known as 'KashmirBlack' first appeared around November 2019 and is still active. It's managed by a single command and control server and uses more than 60 servers -- mostly innocent surrogates -- as part of its infrastructure.

KashmirBlack exploits the PHPUnit RCE vulnerability to infect its victims -- despite it being a known, patchable vulnerability that is almost a decade old. The hackers are likely targeting content management systems because these platforms are notorious for poor cyber hygiene: many people run old versions, unsupported plug-ins, and weak passwords. The pandemic has created more opportunities for the botnet, as more businesses need easy web frameworks, like WordPress, to digitize their operations.
