- Jun 9, 2013
- 6,720
Spurred by the recent discovery that the Samas (aka SamSam) ransomware is being spreadvia compromised servers running out-of-date versions of Red Hat’s JBoss server software, Cisco Talos researchers have begun scanning the Internet for machines that might be at risk.
They found approximately 3.2 million vulnerable machines, but also a considerable number of those that are already compromised: 2,100 backdoors have been already been installed across nearly 1600 IP addresses.
Another way into the compromised systems was through a vulnerability in Destiny, a library management system by Follett. This vulnerability has already been patched and customers were urged to implement the patch.
“We’ve learned that there is normally more than one webshell on compromised JBoss servers and that it is important to review the contents of the jobs status page,” the researchers noted.
Full Article. Over 3 million servers running outdated JBoss software open to attack - Help Net Security
They found approximately 3.2 million vulnerable machines, but also a considerable number of those that are already compromised: 2,100 backdoors have been already been installed across nearly 1600 IP addresses.
Another way into the compromised systems was through a vulnerability in Destiny, a library management system by Follett. This vulnerability has already been patched and customers were urged to implement the patch.
“We’ve learned that there is normally more than one webshell on compromised JBoss servers and that it is important to review the contents of the jobs status page,” the researchers noted.
Full Article. Over 3 million servers running outdated JBoss software open to attack - Help Net Security
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
