A Custom Python Backdoor for VMWare ESXi Servers

In October 2022, Juniper Threat Labs discovered a backdoor implanted on a VMware ESXi virtualization server. Since 2019, unpatched ESXi servers have been targets of ongoing in-the-wild attacks based on

Asbit: An Emerging Remote Desktop Trojan

Introduction. Juniper Threat Labs is currently monitoring an emerging Chinese Remote Desktop Trojan called Asbit. It’s a remote access Trojan being advertised on its developer’s website as a “Fast

CVE-2022-30190: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

A zero-day vulnerability was discovered in the Microsoft Windows Support Diagnostic Tool (MSDT). On May 27, a researcher who goes by the Twitter handle nao_sec discovered an interesting Microsoft Word document

Muhstik Gang targets Redis Servers

Juniper Threat Labs has uncovered an attack that targets Redis Servers using a recently disclosed vulnerability, namely CVE-2022-0543. This vulnerability exists in some Redis Debian packages. The attack started on

Log4j Attack Payloads In The Wild

Juniper Threat Labs compiled a list of the payloads from log4j attacks we have seen as of 12/16. Most of the payloads install malware such as Muhstik, Kinsing, Mirai and

Log4j Vulnerability: Attackers Shift Focus From LDAP to RMI

In a previous post, we discussed the Log4j vulnerability CVE-2021-44228 and how the exploit works when the attacker uses a Lightweight Directory Access Protocol (LDAP) service to exploit the vulnerability.

Apache Log4j Vulnerability CVE-2021-44228 Raises widespread Concerns

Log4j is a popular logging library used in Java by a large number of applications online. To enhance its functionality from basic log formatting, Log4j added the ability to perform

Apache HTTP Server CVE-2021-42013 and CVE-2021-41773 Exploited in the Wild

Juniper Threat Labs has been seeing ongoing attacks targeting Apache HTTP servers. On October 4, the Apache Software Foundation disclosed CVE-2021-41773, a path traversal 0-day vulnerability with reports of

Necro Python Botnet Goes After Vulnerable VisualTools DVR

In the last week of September 2021, Juniper Threat Labs detected new activity from Necro Python (a.k.a. N3Cr0m0rPh, Freakout, Python.IRCBot) that is actively exploiting some services, including a

CVE-2021-22005: VMware vCenter Analytics Service Arbitrary File Upload Vulnerability

VMware vCenter server is a centralised management utility used for managing multiple ESXi hosts, virtual machines and all their dependent components. An arbitrary file upload vulnerability has recently been discovered in the Analytics
