Muhstik Gang targets Redis Servers

Juniper Threat Labs has uncovered an attack that targets Redis Servers using a recently disclosed vulnerability, namely CVE-2022-0543. This vulnerability exists in some Redis Debian packages. The attack started on

Share
Log4j Attack Payloads In The Wild

Juniper Threat Labs compiled a list of the payloads from log4j attacks we have seen as of 12/16. Most of the payloads install malware such as Muhstik, Kinsing, Mirai and

Share
Log4j Vulnerability: Attackers Shift Focus From LDAP to RMI

In a previous post, we discussed the Log4j vulnerability CVE-2021-44228 and how the exploit works when the attacker uses a Lightweight Directory Access Protocol (LDAP) service to exploit the vulnerability.

Share
Apache Log4j Vulnerability CVE-2021-44228 Raises widespread Concerns

Log4j is a popular logging library used in Java by a large number of applications online. To enhance its functionality from basic log formatting, Log4j added the ability to perform

Share
Apache HTTP Server CVE-2021-42013 and CVE-2021-41773 Exploited in the Wild

Juniper Threat Labs has been seeing on-going attacks targeting Apache http servers. On October 4, the Apache Software Foundation disclosed CVE-2021-41773, a path traversal 0- day vulnerability with reports of

Share
Necro Python Botnet Goes After Vulnerable VisualTools DVR

In the last week of September 2021, Juniper Threat Labs detected a new activity from Necro Python (a.k.a N3Cr0m0rPh , Freakout, Python.IRCBot) that is actively exploiting some services, including a

Share
CVE-2021-22005: VMware vCenter Analytics Service Arbitrary File Upload Vulnerability

VMware vCenter server is a centralised management utility used for managing multiple ESXi hosts, virtual machines and all their dependent components. An arbitrary file upload vulnerability has recently been discovered in the Analytics

Share
Muhstik Botnet Targeting Confluence Servers with CVE-2021-26084

  Juniper Threat Labs is seeing an on-going attack targeting Confluence servers. On August 25, Atlassian, the company behind Confluence, disclosed the vulnerability CVE-2021-26084. A few days after that, several

Share
Aggah Malware Campaign Expands to Zendesk and GitHub to Host Its Malware

Juniper Threat Labs has detected a new development in the Aggah malware campaign. Previously, Aggah was known to be using legitimate infrastructures like BlogSpot, WordPress and Pastebin to host its

Share
Attacks Continue Against Realtek Vulnerabilities

As we predicted in last week’s post, threat actors continue to utilize new Realtek vulnerabilities disclosed by IoT Inspector Research Lab to distribute malware. Starting on August 19th, Juniper Threat

Share