Muhstik Botnet Targeting Confluence Servers with CVE-2021-26084
Muhstik Botnet Targeting Confluence Servers with CVE-2021-26084
September 8, 2021
by

  Juniper Threat Labs is seeing an on-going attack targeting Confluence servers. On August 25, Atlassian, the company behind Confluence, disclosed the vulnerability CVE-2021-26084. A few days after that, several

More
Share
Aggah Malware Campaign Expands to Zendesk and GitHub to Host Its Malware
Aggah Malware Campaign Expands to Zendesk and GitHub to Host Its Malware
September 8, 2021
by

Juniper Threat Labs has detected a new development in the Aggah malware campaign. Previously, Aggah was known to be using legitimate infrastructures like BlogSpot, WordPress and Pastebin to host its

More
Share
Attacks Continue Against Realtek Vulnerabilities
Attacks Continue Against Realtek Vulnerabilities
September 2, 2021
by ,

As we predicted in last week’s post, threat actors continue to utilize new Realtek vulnerabilities disclosed by IoT Inspector Research Lab to distribute malware. Starting on August 19th, Juniper Threat

More
Share
RealTek CVE-2021-35394 Exploited in the Wild
RealTek CVE-2021-35394 Exploited in the Wild
August 27, 2021
by ,

Juniper Threat Labs has detected that the threat actors that we recently observed exploiting CVE-2021-20090 are now actively exploiting CVE-2021-35394, a vulnerability disclosed last week by IoT Inspector Research Lab.

More
Share
Freshly Disclosed Vulnerability CVE-2021-20090 Exploited in the Wild
Freshly Disclosed Vulnerability CVE-2021-20090 Exploited in the Wild
August 6, 2021
by ,

Juniper Threat Labs continuously monitors in-the-wild network traffic for malicious activity. Today, we have discovered an active exploitation of a vulnerability that was disclosed just 2 days ago.  CVE-2021-20090 is a vulnerability that was discovered by

More
Share
Linux Servers Hijacked to Implant SSH Backdoor
Linux Servers Hijacked to Implant SSH Backdoor
April 26, 2021
by

On February 1st, Juniper Threat Labs observed an attack that attempted to inject malicious code into Secure Shell (SSH) servers on Linux. The attack begins with an exploit against the

More
Share
CVE-2021-21972: VMware vCenter Unauthorized Remote Code Execution
CVE-2021-21972: VMware vCenter Unauthorized Remote Code Execution
April 8, 2021
by

VMware vCenter Server is the centralized server management software for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location.

More
Share
Sysrv Botnet Expands and Gains Persistence
Sysrv Botnet Expands and Gains Persistence
April 8, 2021
by

On March 4, 2021, Juniper Threat Labs identified a surge of activity of the Sysrv botnet. The botnet spread itself into Windows and Linux systems by exploiting multiple vulnerabilities, which

More
Share
CVE-2021-25646: Apache Druid Embedded Javascript Remote Code Execution
CVE-2021-25646: Apache Druid Embedded Javascript Remote Code Execution
March 8, 2021
by ,

Apache Druid is an open source, distributed data store that is designed for ingesting high volumes of data to provide instant data visibility, ad-hoc analytics and queries with low latency and

More
Share
Everything but the kitchen sink: more attacks from the Gitpaste-12 worm
Everything but the kitchen sink: more attacks from the Gitpaste-12 worm
December 14, 2020
by

In November, Juniper Threat Labs documented a new wormable cryptomining campaign dubbed Gitpaste-12. The initial wave of Gitpaste-12 attacks was last seen on October 27, when the GitHub repository hosting

More
Share