Cyber Mayhem: Hackers Pounce on Fresh WhatsUp Gold Exploits!
Malicious actors are exploiting WhatsUp Gold security flaws exposed by proof-of-concept exploits released on August 30, 2024. Despite patches, some organizations were slow to update, leading to attacks within hours. Researchers warn that these vulnerabilities allow attackers to bypass authentication and install remote access tools, marking a serious threat.
Hot Take:
Who knew that the favorite pastime of cybercriminals was to pounce on freshly disclosed vulnerabilities like they’re on an all-you-can-hack buffet? Progress Software’s WhatsUp Gold might need to change its name to What’s Going On, because it’s getting more attention from hackers than a celebrity at a paparazzi convention!
Key Points:
- Cybercriminals are exploiting proof-of-concept (PoC) exploits for vulnerabilities in Progress Software’s WhatsUp Gold.
- The exploits target CVE-2024-6670 and CVE-2024-6671, both with a CVSS score of 9.8.
- Despite patches being available, some organizations failed to apply them promptly, leading to immediate attacks.
- Hackers are using WhatsUp Gold’s Active Monitor PowerShell Script to install remote access tools like Atera Agent and Splashtop Remote.
- This is the second major exploitation of WhatsUp Gold vulnerabilities, following a similar incident in early August 2024.
Already a member? Log in here