For the past two weeks, hackers have been exploiting a critical vulnerability in the SugarCRM (customer relationship management) system to infect users with malware that gives them full control of their servers.
The vulnerability began as a zero-day when the exploit code was posted online in late December. The person posting the exploit described it as an authentication bypass with remote code execution, meaning an attacker could use it to run malicious code on vulnerable servers with no credentials required. SugarCRM has since published an advisory that confirms that description. The exploit post also included various “dorks,” which are simple web searches people can do to locate vulnerable servers on the Internet.
Network monitoring service Censys said that as of January 5, it had detected 291 SugarCRM servers infected using the zero-day. That’s close to 10 percent of the total 3,066 SugarCRM servers Censys detected. Infections were highest in the US, with 90, followed by Germany, Australia, and France. In an update on Tuesday, Censys said the number of infections hasn’t ticked up much since the original post.
Read 7 remaining paragraphs | Comments
Source: Ars Technica – Hundreds of SugarCRM servers infected with critical in-the-wild exploit