Surge in attacks exploiting old ThinkPHP and ownCloud flaws

The first vulnerability is a local file inclusion (LFI) issue in the language parameter of ThinkPHP Framework before 6.0.14. An unauthenticated remote attacker can leverage it to execute arbitrary operating system commands in deployments where the language pack feature is enabled. Threat monitoring platform GreyNoise is reporting spikes in actors leveraging CVE-2022-47945 and CVE-2023-49103 that affect ThinkPHP Framework and the open-source ownCloud solution for file sharing and syncing. Both vulnerabilities have critical severity and can be exploited to execute arbitrary operating system commands or to obtain sensitive data (e.g. admin password, mail server credentials, license key). Increased hacker activity has been observed in attempts to compromise poorly maintained devices that are vulnerable to older security issues from 2022 and 2023. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. This is despite its low Exploit Prediction Scoring System (EPSS) rating of 7% and the flaw not being included in CISA's Known Exploited Vulnerabilities (KEV) catalog. According to threat monitoring platform GreyNoise, CVE-2022-47945 is under high-volume exploitation right now, with attacks launched from a growing number of source IPs. "GreyNoise has observed 572 unique IPs attempting to exploit this vulnerability, with activity increasing in recent days," warns the bulletin. Akamai reported last summer that Chinese threat actors have been leveraging the flaw since October 2023 in narrow-scope operations. Soon after the vulnerability's initial disclosure from the developers in November 2023, hackers started exploiting it to steal sensitive information from unpatched systems. GreyNoise observed increased exploitation of CVE-2023-49103 recently, with malicious activity originating from 484 unique IPs. Despite over 2 years having passed since the vendor released an update that addresses the security issue, many instances remain unpatched and exposed to attacks.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 12 Feb 2025 23:05:18 +0000

Cyber News related to Surge in attacks exploiting old ThinkPHP and ownCloud flaws

Patch Now: Attackers Pummel Critical, Easy-to-Exploit OwnCloud Flaw - Hackers are actively exploiting a critical flaw in the open source ownCloud platform that allows access to access admin passwords, mail server credentials, and license keys, exposing their enterprise to data breaches or other types of malicious ...
1 year ago Darkreading.com

Critical bug in ownCloud file sharing app exposes admin passwords - Open source file sharing software ownCloud is warning of three critical-severity security vulnerabilities, including one that can expose administrator passwords and mail server credentials. OwnCloud is an open-source file sync and sharing solution ...
1 year ago Bleepingcomputer.com

Hackers start exploiting critical ownCloud flaw, patch now - Hackers are exploiting a critical ownCloud vulnerability tracked as CVE-2023-49103 that exposes admin passwords, mail server credentials, and license keys in containerized deployments. OwnCloud is a widely used open-source file synchronization and ...
1 year ago Bleepingcomputer.com

Surge in attacks exploiting old ThinkPHP and ownCloud flaws - The first vulnerability is a local file inclusion (LFI) issue in the language parameter of ThinkPHP Framework before 6.0.14. An unauthenticated remote attacker can leverage it to execute arbitrary operating system commands in ...
7 hours ago Bleepingcomputer.com

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com

Discovering SSRF Flaws in Microsoft Azure Services - Microsoft Azure is an incredibly popular cloud computing platform and its services are used around the world. Recently, security researchers uncovered several Server-Side Request Forgery (SSRF) flaws in many of Microsoft Azure’s services. This type ...
2 years ago Securityaffairs.com

CERT-UA warns of malware campaign conducted by threat actor UAC-0006 - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Recent DarkGate campaign exploited ...
8 months ago Securityaffairs.com

New ATM Malware family emerged in the threat landscape - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Raspberry Robin spotted using two ...
8 months ago Securityaffairs.com

Operation Morpheus took down 593 Cobalt Strike servers used by threat actors - Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers. Threat actors may have exploited a zero-day in older iPhones, Apple warns. Nation-state ...
7 months ago Securityaffairs.com

Sav-Rx data breach impacted over 2.8 million individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks. Microsoft fixed two zero-day bugs exploited in malware ...
8 months ago Securityaffairs.com

newsletter Round 474 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Critical Fortinet's ...
8 months ago Securityaffairs.com

The Rise of DDoS Attacks in Q3, 2023: Are You Prepared? - The Indusface AppSec Q3, 2023 Report reveals a staggering 67% surge in DDoS attacks compared to the previous quarter, highlighting a concerning trend with profound impacts on various industries. Over 41% of websites have shown signs of DDoS attacks ...
1 year ago Cybersecuritynews.com

Over 1,450 pfSense servers exposed to RCE attacks via bug chain - Roughly 1,450 pfSense instances exposed online are vulnerable to command injection and cross-site scripting flaws that, if chained, could enable attackers to perform remote code execution on the appliance. PfSense is a popular open-source firewall ...
1 year ago Bleepingcomputer.com

ShinyHunters is selling data of 30 million Santander customers - MUST READ. ShinyHunters is selling data of 30 million Santander customers. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 ...
8 months ago Securityaffairs.com

Crooks stole more than $300M worth of Bitcoin from DMM Bitcoin - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Threat actors actively ...
8 months ago Securityaffairs.com

newsletter Round 478 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
7 months ago Securityaffairs.com

North Korea-linked IT workers infiltrated hundreds of US firms - CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group ...
8 months ago Securityaffairs.com

newsletter Round 473 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
8 months ago Securityaffairs.com

Fake AV websites used to distribute info-stealer malware - CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 ...
8 months ago Securityaffairs.com

Splunk: AI isn't making spear phishing more effective - Despite increased concerns, AI tools won't give adversaries an advantage when it comes to sending effective phishing emails, according to new research by Splunk's Surge security research team. In a blog post Thursday, Tamara Chacon, security ...
1 year ago Techtarget.com

Russia's Midnight Blizzard stole email of more Microsoft customers - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities ...
7 months ago Securityaffairs.com

LockBit group falsely claimed the hack of the Federal Reserve - LockBit gang claimed responsibility for the attack on City of Wichita. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits JetBrains TeamCity ...
7 months ago Securityaffairs.com

North Korean Kimsuky used a new Linux backdoor in recent attacks - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 ...
8 months ago Securityaffairs.com

Exploits released for critical Jenkins RCE flaw, patch now - Multiple proof-of-concept exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks. ...
1 year ago Bleepingcomputer.com

Russia-linked group APT29 likely breached TeamViewer - Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Finnish police linked APT31 to the 2021 parliament attack. BianLian group exploits JetBrains TeamCity bugs in ...
7 months ago Securityaffairs.com

Latest Cyber News

CrowdStrike Falcon Sensor for Linux TLS Vulnerability Enabling MiTM Attack - 2 hours ago
Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords - 3 hours ago
PAN-OS Vulnerability Let Attackers Bypass Web Interface Authentication - 3 hours ago
Chrome use-after-free Vulnerability Let Attackers Execute Code Remotely - 4 hours ago
Japan Goes on Offense With New 'Active Cyber Defense' Bill - 4 hours ago
zkLend loses $9.5M in crypto heist, asks hacker to return 90% - 7 hours ago
Surge in attacks exploiting old ThinkPHP and ownCloud flaws - 7 hours ago
Trump to Nominate Ex-RNC Official as National Cyber Director - 7 hours ago
Cybercrime evolving into national security threat: Google | The Record from Recorded Future News - 8 hours ago
Ransomware attack disrupting Michigan's Sault Tribe operations | The Record from Recorded Future News - 9 hours ago
Feds Sanction Russian Hosting Provider Over LockBit Attacks - 10 hours ago
Sarcoma ransomware claims breach at giant PCB maker Unimicron - 11 hours ago
US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap | The Record from Recorded Future News - 11 hours ago
DPRK hackers dupe targets into typing PowerShell commands as admin - 11 hours ago
Ivanti fixes three critical flaws in Connect Secure & Policy Secure - 13 hours ago
How to Track Advanced Persistent Threats (APT) Using Threat Intelligence Lookup Tool - 13 hours ago
BadPilot network hacking campaign fuels Russian SandWorm attacks - 13 hours ago
Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally - 13 hours ago
CVE-2025-1207 - 14 hours ago
CVE-2025-0556 - 14 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CrowdStrike Falcon Sensor for Linux TLS Vulnerability Enabling MiTM Attack - 2 hours ago
Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords - 3 hours ago
PAN-OS Vulnerability Let Attackers Bypass Web Interface Authentication - 3 hours ago
Chrome use-after-free Vulnerability Let Attackers Execute Code Remotely - 4 hours ago
Japan Goes on Offense With New 'Active Cyber Defense' Bill - 4 hours ago
zkLend loses $9.5M in crypto heist, asks hacker to return 90% - 7 hours ago
Surge in attacks exploiting old ThinkPHP and ownCloud flaws - 7 hours ago
Trump to Nominate Ex-RNC Official as National Cyber Director - 7 hours ago
Cybercrime evolving into national security threat: Google | The Record from Recorded Future News - 8 hours ago
Ransomware attack disrupting Michigan's Sault Tribe operations | The Record from Recorded Future News - 9 hours ago
US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap | The Record from Recorded Future News - 11 hours ago
BadPilot network hacking campaign fuels Russian SandWorm attacks - 13 hours ago
Ivanti fixes three critical flaws in Connect Secure & Policy Secure - 13 hours ago
DPRK hackers dupe targets into typing PowerShell commands as admin - 11 hours ago
Sarcoma ransomware claims breach at giant PCB maker Unimicron - 11 hours ago
How to Track Advanced Persistent Threats (APT) Using Threat Intelligence Lookup Tool - 13 hours ago
Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally - 13 hours ago
Feds Sanction Russian Hosting Provider Over LockBit Attacks - 10 hours ago
CVE-2023-40721 - 1 day ago
CVE-2024-12755 - 1 day ago