JBoss Backdoors

Alexander Chiu for Talos looks hard at the JBoss vulnerability: WIDESPREAD JBOSS BACKDOORS A MAJOR THREAT.

Chui observes:

We found just over 2,100 backdoors installed across nearly 1600 ip addresses.

He notes that several compromised systems have the Follett “Destiny” Library Management System software installed, and includes Indicators of Compromise and Snort rules.

US-CERT has issued an advisory.

David Harley

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.