September 13, 2024 at 08:15AM
Malicious actors are leveraging publicly available proof-of-concept (PoC) exploits for security flaws in Progress Software WhatsUp Gold, leading to opportunistic attacks shortly after the PoC code was released. The attacks involved bypassing authentication and abusing PowerShell scripts to download remote access tools, indicating potential involvement of ransomware actors. This is the second active weaponization of vulnerabilities in WhatsUp Gold.
Key points from the meeting notes:
1. There are active threats leveraging publicly available PoC exploits for recently disclosed security flaws in Progress Software WhatsUp Gold.
2. The attacks involve bypassing WhatsUp Gold authentication to abuse the Active Monitor PowerShell script feature, ultimately downloading various remote access tools to gain persistence on the Windows host.
3. The use of several remote access tools points to the involvement of a ransomware actor.
4. This is the second time security vulnerabilities in WhatsUp Gold have been actively weaponized in the wild.
5. Trend Micro also revealed that threat actors are exploiting a now-patched security flaw in Atlassian Confluence Data Center and Confluence Server (CVE-2023-22527, CVSS score: 10.0) to deliver the Godzilla web shell.
These are the main takeaways from the meeting notes regarding software security and threat intelligence.