date 2024-06-20
erek
"The most frequently targeted files seen by GreyNoise are:
- \etc/passwd (contains user account data on Linux)
- /ProgramData/RhinoSoft/Serv-U/Serv-U-StartupLog.txt (contains startup logs info for the Serv-U FTP server)
- /windows/win.ini (initialization file containing Windows configuration settings)
GreyNoise reports cases where the attackers appear to copy-paste exploits without testing, resulting in failed attempts.
In other exploitation attempts from China, the attackers showcase persistence, adaptability, and better understanding.
GreyNoise says they experimented with different payloads and formats for four hours and adjusted their approach based on server responses.
With confirmed attacks underway, system administrators must apply the available fixes as soon as possible."
Source: https://www.bleepingcomputer.com/ne...traversal-flaw-actively-exploited-in-attacks/
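
One way to hunt for requests aimed at the three files listed in the quote is to normalize each request target before matching. This is an added example, not code from the article or from GreyNoise; it assumes combined-format access logs, a hypothetical parameter name `f`, and that the file path appears contiguously in the request target.

```python
import re
from urllib.parse import unquote

# The three files named in the quoted article, lower-cased with forward slashes.
TARGETED_FILES = (
    "etc/passwd",
    "programdata/rhinosoft/serv-u/serv-u-startuplog.txt",
    "windows/win.ini",
)

# Common/combined access log format (assumed): client IP, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines: documentation-range IPs and a hypothetical
# parameter "f"; this is not the Serv-U request format.
SAMPLE_LOG = r"""
192.0.2.10 - - [20/Jun/2024:10:00:01 +0000] "GET /?f=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 0
198.51.100.7 - - [20/Jun/2024:10:00:05 +0000] "GET /?f=..\..\windows\win.ini HTTP/1.1" 200 92
203.0.113.5 - - [20/Jun/2024:10:00:09 +0000] "GET /?f=%252e%252e%252fProgramData%252fRhinoSoft%252fServ-U%252fServ-U-StartupLog.txt HTTP/1.1" 200 5120
192.0.2.44 - - [20/Jun/2024:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 1024
""".strip().splitlines()

def normalize(raw):
    """Undo nested percent-encoding, unify path separators, lower-case."""
    text = raw
    for _ in range(3):  # bounded number of decoding rounds
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return re.sub(r"/+", "/", text.replace("\\", "/")).lower()

def targeted_file(request_target):
    """Return the listed file a request target refers to, or None."""
    norm = normalize(request_target)
    return next((p for p in TARGETED_FILES if p in norm), None)

def scan(lines):
    """Return (client_ip, targeted_file, http_status) for each matching line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        path = targeted_file(m["target"]) if m else None
        if path:
            hits.append((m["ip"], path, int(m["status"])))
    return hits
```

Hits that returned HTTP 200 deserve review first, since the quote notes that many attempts fail outright.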