Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Top Linux Vulnerabilities Exploited by Hackers
#1
https://news.softpedia.com/news/top-linu...3888.shtml       
Top Linux Vulnerabilities Exploited by Hackers
The newly discovered vulnerabilities were used to by cybercriminals to breach Linux systems millions of times
Aug 26, 2021 13:29 GMT  ·  By George Dascalu  ·        Linux-based machines that are directly connected to the Internet can be targets for attackers who can quickly push potentially dangerous web-based shells, ransomware, Trojans, and other malicious software, according to The Hacker News.

Trend Micro produced a comprehensive analysis of the Linux threat landscape, highlighting the barriers and vulnerabilities that have plagued the operating system in the first half of the year. The information was gathered using honeypots, sensors and anonymous telemetry.

According to the company, which has detected about 15 million malware attacks targeting Linux-based cloud environments, ransomware and coin miners account for 54% of all malware, while web shells represent 29% of all recorded events.

Researchers evaluated over 50 million events from 100,000 unique Linux servers and identified 15 separate vulnerabilities used in the wild. What's more concerning is that the vulnerabilities are part of the 15 Docker images widely used in the Docker Hub Official Repository. This demonstrates the critical requirement during the development phase to safeguard and secure containers from attacks of all kinds.

The following are the most commonly exploited Linux vulnerabilities:

    CVE-2017-9805 – Apache Struts 2 REST plugin XStream RCE Flaw, with a CVSS score of 8.1
    CVE-2020-14750 – Oracle WebLogic Server RCE Flaw, with a CVSS score of 9.8
    CVE-2020-17496 – vBulletin ‘subwidgetConfig’ unauthenticated RCE Flaw, with a CVSS score of 9.8
    CVE-2017-12611 – Apache Struts OGNL expression RCE Flaw, with a CVSS score of 9.8
    CVE-2021-29441 – Alibaba Nacos AuthFilter authentication bypass Flaw, with a CVSS score of 9.8
    CVE-2013-4547 – Nginx crafted URI string handling access restriction bypass Flaw, with a CVSS score of 8.0
    CVE-2018-11776 – Apache Struts OGNL expression RCE Flaw, with a CVSS score of 8.1
    CVE-2017-5638 – Apache Struts 2 remote code execution (RCE) Flaw, with a CVSS score of 10
    CVE-2018-7600 – Drupal Core RCE Flaw, with a CVSS score of 9.8
    CVE-2020-25213 – WordPress File Manager (wp-file-manager) plugin RCE Flaw, with a CVSS score of 10.0
    CVE-2020-11651 – SaltStack Salt authorization weakness Flaw, with a CVSS score of 9.8
    CVE-2017-7657 – Eclipse Jetty chunk length parsing integer overflow Flaw, with a CVSS score of 9.8
    CVE-2020-14179 – Atlassian Jira information disclosure Flaw, with a CVSS score of 5.3
    CVE-2019-0230 – Apache Struts 2 RCE Flaw, with a CVSS score of 9.8
    CVE-2020-7961 – Liferay Portal untrusted deserialization Flaw, with a CVSS score of 9.8

The researchers found that consumers and businesses should always adopt security best practices, such as security by design, layered virtual patching or vulnerability protection, and the shared responsibility model.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Apple emergency updates fix 3 new zero-days exploited in attacks mrtrout 0 645 09-21-2023 , 10:02 PM
Last Post: mrtrout
  VMware warns of critical vRealize flaw exploited in attacks mrtrout 0 566 06-21-2023 , 02:00 AM
Last Post: mrtrout
  New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems Bjyda 0 1,110 03-29-2021 , 05:07 PM
Last Post: Bjyda
  At least 10 APT hacking groups have exploited Exchange Server bugs, ESET warns Bjyda 0 1,446 03-11-2021 , 10:36 PM
Last Post: Bjyda
  Now-fixed Linux kernel vulnerabilities enabled local privilege escalation (CVE-2021-2 Bjyda 0 1,173 03-05-2021 , 12:27 AM
Last Post: Bjyda



Users browsing this thread: 1 Guest(s)