Contractor Software Targeted via Microsoft SQL Server Loophole

September 18, 2024 at 05:09PM

Threat actors have been targeting Foundation accounting software used in construction, exploiting vulnerabilities in plumbing, HVAC, and concrete sub-industries. Researchers at Huntress discovered the threat, involving host/domain enumeration commands. The software’s MSSQL instance allows mobile app access, potentially exposing TCP port 4243 to the public. Organizations are advised to rotate …

Threat Actors Target Accounting Software Used by Construction Contractors

September 18, 2024 at 11:14AM

Huntress warns of cyberattacks targeting Foundation Accounting Software, widely used in construction. Threat actors are brute forcing the application and exploiting default credentials, compromising organizations in various sub-industries. The attackers target MSSQL accounts, execute OS commands, and automate attacks. Only 33 publicly exposed hosts running the software with unchanged default …