#CVE20246670

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

by

September 13, 2024 at 08:15AM Malicious actors are leveraging publicly available proof-of-concept exploits for security flaws in Progress Software WhatsUp Gold, leading to opportunistic attacks shortly after the release. The attacks involved bypassing authentication and exploiting PowerShell scripts to download remote access tools, indicating potential involvement of ransomware actors. This is the second active weaponization … Read more

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities

by

September 12, 2024 at 05:49AM Trend Micro researchers discovered remote code execution attacks on WhatsUp Gold leveraging the Active Monitor PowerShell Script since August 30. Exploiting vulnerabilities CVE-2024-6670 and CVE-2024-6671, the attacks persisted despite available patches, emphasizing the need for prompt patch application and proactive monitoring to prevent similar incidents. Mitigation steps include access control, … Read more