Freshly Disclosed Vulnerability CVE-2021-20090 Exploited in the Wild

Juniper Threat Labs continuously monitors in-the-wild network traffic for malicious activity. Today, we have discovered an active exploitation of a vulnerability that was disclosed just 2 days ago.  CVE-2021-20090 is a vulnerability that was discovered by

Share
Linux Servers Hijacked to Implant SSH Backdoor

On February 1st, Juniper Threat Labs observed an attack that attempted to inject malicious code into Secure Shell (SSH) servers on Linux. The attack begins with an exploit against the

Share
CVE-2021-21972: VMware vCenter Unauthorized Remote Code Execution

VMware vCenter Server is the centralized server management software for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location.

Share
Sysrv Botnet Expands and Gains Persistence

On March 4, 2021, Juniper Threat Labs identified a surge of activity of the Sysrv botnet. The botnet spread itself into Windows and Linux systems by exploiting multiple vulnerabilities, which

Share
CVE-2021-25646: Apache Druid Embedded Javascript Remote Code Execution

Apache Druid is an open source, distributed data store that is designed for ingesting high volumes of data to provide instant data visibility, ad-hoc analytics and queries with low latency and

Share
Everything but the kitchen sink: more attacks from the Gitpaste-12 worm

In November, Juniper Threat Labs documented a new wormable cryptomining campaign dubbed Gitpaste-12. The initial wave of Gitpaste-12 attacks was last seen on October 27, when the GitHub repository hosting

Share
DarkIRC bot exploits recent Oracle WebLogic vulnerability

  Juniper Threat Labs is seeing active attacks on Oracle WebLogic software using CVE-2020-14882. This vulnerability, if successfully exploited, allows unauthenticated remote code execution. As of this writing, we found

Share
Gitpaste-12: a new worming botnet with reverse shell capability spreading via GitHub and Pastebin

Gitpaste-12 is a new worm recently discovered by Juniper Threat Labs, which uses GitHub and Pastebin for housing component code and has at least 12 different attack modules available. There

Share
Juniper’s Attacker IP feed bolsters threat protection with SecIntel

Juniper Threat Labs (JTL) has a network of sensors throughout the world that we use to monitor cyber security threats. These threats can range from Brute Force attacks against logins,

Share
New pastebin-like service used in multiple malware campaigns

Juniper Threat Labs identified several malware campaigns that rely on a pastebin-like service for its infection chain. The domain in question is paste.nrecom.net. The attacks usually start as a phishing

Share