Unit 42 researchers detail how attacks against the newly patched Oracle Weblogic vulnerability may increase based on details of the vulnerability and analysis of activity seen to date. Research also shows how attackers are using the vulnerability to plant XMRig cryptominer on vulnerable systems.
Unit 42 releases new details on two vulnerabilities in Social Warfare (CVE-2019-9978). Both vulnerabilities are present in all versions of Social Warfare prior to 3.5.3: an estimated 42,000 websites are potentially vulnerable. Unit 42 researchers found five compromised sites actively used for hosting malicious exploit code, which allows the attackers to control more websites. In this blog post we provide new details on the root cause of the vulnerabilities, proof of concept code (PoC) to demonstrate the vulnerability, and information on attacks we observed in the wild as well as the scope of vulnerable sites.