HolesWarm Malware Exploits Unpatched Windows, Linux Servers
#1
Information 
Quote:By leveraging more than 20 known vulnerabilities in Linux and Windows servers, the HolesWarm cryptominer malware has been able to break into more than 1,000 cloud hosts just since June.
 
The basic cryptominer botnet has been so successful at juggling so many different known vulnerabilities between attacks, researchers at Tencent who first identified HolesWarm refer to the malware as the “King of Vulnerability Exploitation.”
 
Tencent warned that both government and enterprise should mitigate known vulnerabilities as soon as possible to prevent from falling prey to the next HolesWarm attack.
 
“As the HolesWarm virus has changed more than 20 attack methods in a relatively short period of time, the number of lost cloud hosts is still on the rise,” Tencnt analysts said in its Tuesday report.
Besides its cryptomining function, HolesWarm gives attackers password information and even control of the victim’s server.

The Tencent team observed HolesWarm using high-risk vulnerabilities in various common office server components, including Apache Tomcat, Jenkins, Shiro, Spring boot, Structs2, UFIDA, Weblogic, XXL-JOB and Zhiyuan.

Read more: HolesWarm Malware Exploits Unpatched Windows, Linux Servers  | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56
GFYI [Official] IObit Christmas 2024 Bl...
Merry Christmas and ...damien76 — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>