A large-scale exploitation campaign targeting web content management systems (CMS


 A large-scale exploitation campaign targeting web content management systems (CMS), with many Australian businesses impacted.

The vulnerabilities being targeted affect CMS software and plugins which, if exploited, enable malicious actors to remotely access and control targeted web servers. 

Organisations, including small businesses, are encouraged to take immediate action to protect their web servers.

 

▶ Inspect your CMS for webshells.

▶ Examine your web access logs for any IP addresses making GET or POST requests to any webshell paths.

▶ Treat servers with identified webshells as compromised, isolate them and perform an audit for malicious activity.

▶ Review network logs for interactions with identified IP addresses. 

▶ Investigate logging and hosts for evidence of persistence, lateral movement or other malicious actions.

▶ Patch vulnerable systems to prevent re-infection.

▶ If there are indications that websites are compromised, restore websites from a recent known-good backup.

 

If a service provider maintains your website, point them to this alert and review our guidance at the below link for additional questions to ask. 

 

Read the full alert and take additional steps to protect your websites

 ðŸ‘‰ https://lnkd.in/gkyDM4uY

0 comments:

Post a Comment

Twitter Facebook Favorites More