Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
Hackers Exploit Critical WhatsUp Gold Vulnerabilities: Update Now or Regret Later!
Hackers are exploiting two critical SQL injection vulnerabilities in WhatsUp Gold. Despite fixes from Progress Software, many organizations haven’t updated, giving threat actors ample opportunity.
Hot Take:
Who knew WhatsUp Gold could lead to such a letdown? The real “gold” here is in hackers’ hands, thanks to some slipshod sanitization and slow updates. Time to WhatsUp your security game, folks!
Key Points:
- Hackers exploit SQL injection vulnerabilities (CVE-2024-6670 & CVE-2024-6671) in WhatsUp Gold.
- Flaws allow retrieval of encrypted passwords without authentication.
- Despite updates being available, many organizations are slow to patch.
- Trend Micro reports active exploitation using PowerShell scripts and RATs.
- Security updates and detection instructions released by Progress Software on August 16 and September 10, respectively.
Already a member? Log in here