MastodonTech.de

ESET Research<a href="https://infosec.exchange/tags/BREAKING" class="mention hashtag" rel="nofollow noopener" target="_blank">#BREAKING</a> <a href="https://infosec.exchange/tags/ESETResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#ESETResearch</a> has been monitoring the recently discovered <a href="https://infosec.exchange/tags/ToolShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#ToolShell</a> zero-day vulnerabilities in <a href="https://infosec.exchange/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#SharePoint</a> Server: CVE-2025-53770 and CVE-2025-53771. SharePoint Online in Microsoft 365 is not impacted. <a href="https://www.welivesecurity.com/en/eset-research/toolshell-an-all-you-can-eat-buffet-for-threat-actors/" rel="nofollow noopener" translate="no" target="_blank">https://www.welivesecurity.com/en/eset-research/toolshell-an-all-you-can-eat-buffet-for-threat-actors/</a> ESET first detected an attempt to exploit part of the execution chain on July 17 in Germany 🇩🇪. Here, the final <a href="https://infosec.exchange/tags/webshell" class="mention hashtag" rel="nofollow noopener" target="_blank">#webshell</a> payload was not delivered. The first time we registered the payload was on July 18 in Italy 🇮🇹. We have since seen active ToolShell exploitation all over the world. We have uncovered several IP addresses that were used in the attacks from July 17 to July 22. The charts show the timeline of the attacks from the three most active of these IP addresses. ToolShell is being exploited by all sorts of threat actors, from petty cybercriminals to state-sponsored groups, among them China 🇨🇳-aligned <a href="https://infosec.exchange/tags/APTs" class="mention hashtag" rel="nofollow noopener" target="_blank">#APTs</a>. We expect these attacks to continue taking advantage of unpatched systems. IoCs available in our GitHub repo: <a href="https://github.com/eset/" rel="nofollow noopener" translate="no" target="_blank">https://github.com/eset/</a>

Pyrzout :vm:Compromised SAP NetWeaver instances are ushering in opportunistic threat actors <a href="https://www.helpnetsecurity.com/2025/05/12/compromised-sap-netweaver-instances-attacks-opportunistic-threat-actors/" rel="nofollow noopener" translate="no" target="_blank">https://www.helpnetsecurity.com/2025/05/12/compromised-sap-netweaver-instances-attacks-opportunistic-threat-actors/</a> <a href="https://social.skynetcloud.site/tags/incidentresponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#incidentresponse</a> <a href="https://social.skynetcloud.site/tags/enterprise" class="mention hashtag" rel="nofollow noopener" target="_blank">#enterprise</a> <a href="https://social.skynetcloud.site/tags/government" class="mention hashtag" rel="nofollow noopener" target="_blank">#government</a> <a href="https://social.skynetcloud.site/tags/Don" class="mention hashtag" rel="nofollow noopener" target="_blank">#Don</a>'tmiss <a href="https://social.skynetcloud.site/tags/Forescout" class="mention hashtag" rel="nofollow noopener" target="_blank">#Forescout</a> <a href="https://social.skynetcloud.site/tags/Hotstuff" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hotstuff</a> <a href="https://social.skynetcloud.site/tags/Mandiant" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mandiant</a> <a href="https://social.skynetcloud.site/tags/webshell" class="mention hashtag" rel="nofollow noopener" target="_blank">#webshell</a> <a href="https://social.skynetcloud.site/tags/Onapsis" class="mention hashtag" rel="nofollow noopener" target="_blank">#Onapsis</a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a> <a href="https://social.skynetcloud.site/tags/SAP" class="mention hashtag" rel="nofollow noopener" target="_blank">#SAP</a>

Pyrzout :vm:SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells <a href="https://hackread.com/sap-netweaver-flaw-severity-hackers-deploy-web-shells/" rel="nofollow noopener" translate="no" target="_blank">https://hackread.com/sap-netweaver-flaw-severity-hackers-deploy-web-shells/</a> <a href="https://social.skynetcloud.site/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://social.skynetcloud.site/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vulnerability</a> <a href="https://social.skynetcloud.site/tags/SAPNetWeaver" class="mention hashtag" rel="nofollow noopener" target="_blank">#SAPNetWeaver</a> <a href="https://social.skynetcloud.site/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://social.skynetcloud.site/tags/WebShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebShell</a> <a href="https://social.skynetcloud.site/tags/SAP" class="mention hashtag" rel="nofollow noopener" target="_blank">#SAP</a>

hanshi :blackblob:found this malware on my friend's site. checking on it and the original file looks so messy. vim can do `gg=G` to forcing re-indentation of the messed php file with html inside it >.< <a href="https://infosec.exchange/tags/webshell" class="mention hashtag" rel="nofollow noopener" target="_blank">#webshell</a>

Brad2024-12-04 (Wednesday): Casual review of my most recent Apache web server access logs shows what looks like an attempt to get a PHP <a href="https://infosec.exchange/tags/webshell" class="mention hashtag" rel="nofollow noopener" target="_blank">#webshell</a> on my web server.URL for the PHP webshell is hxxp://1.14.123[.]164/ote.txt

:hacker_z: :hacker_o: :hacker_d: :hacker_s: :hacker_e: :hacker_c: 0xD :verified:Popping webshells and slashers <a href="https://infosec.exchange/tags/hackingandhorrormovies" class="mention hashtag" rel="nofollow noopener" target="_blank">#hackingandhorrormovies</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/hacker" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacker</a> <a href="https://infosec.exchange/tags/Metasploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#Metasploit</a> <a href="https://infosec.exchange/tags/metasploitable2" class="mention hashtag" rel="nofollow noopener" target="_blank">#metasploitable2</a> <a href="https://infosec.exchange/tags/webshell" class="mention hashtag" rel="nofollow noopener" target="_blank">#webshell</a> <a href="https://infosec.exchange/tags/php" class="mention hashtag" rel="nofollow noopener" target="_blank">#php</a> <a href="https://infosec.exchange/tags/z0ds3c" class="mention hashtag" rel="nofollow noopener" target="_blank">#z0ds3c</a> <a href="https://infosec.exchange/tags/horror" class="mention hashtag" rel="nofollow noopener" target="_blank">#horror</a> <a href="https://infosec.exchange/tags/80shorror" class="mention hashtag" rel="nofollow noopener" target="_blank">#80shorror</a> <a href="https://infosec.exchange/tags/halloween4" class="mention hashtag" rel="nofollow noopener" target="_blank">#halloween4</a>

Frühere Suchanfragen

Suchoptionen

Verwaltet von:

Serverstatistik:

#webshell