TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

The Register

First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed

Carly Page · 5 days ago · Read original ↗

ATT&CK techniques detected

4 predictions
T1190Exploit Public-Facing Application
94%
“a patch on tuesday, exploitation was already underway. hosting provider knownhost has been more explicit about what that looked like in practice, warning customers it had seen successful exploitation attempts before any fix was available. in a reddit post, the company ' s ceo, da…”
T1190Exploit Public-Facing Application
76%
“first reports come in of victims of critical cpanel vuln as ' millions ' of sites potentially exposed first reports come in of victims of critical cpanel vuln as ' millions ' of sites potentially exposed exploitation was underway before patches landed, at least one victim reports…”
T1588.006Vulnerabilities
57%
“first reports come in of victims of critical cpanel vuln as ' millions ' of sites potentially exposed first reports come in of victims of critical cpanel vuln as ' millions ' of sites potentially exposed exploitation was underway before patches landed, at least one victim reports…”
T1190Exploit Public-Facing Application
44%
“nasty cpanel vulnerability probably exploited as a 0 - day - how to host a linux - powered local dev site in windows - crooks stole aws credentials from misconfigured sites then kept them in open s3 bucket - godaddy joins the dots and realizes it ' s been under attack for three y…”

Summary

Exploitation was underway before patches landed, at least one victim reports ransomware demand

CISA has added a critical cPanel bug to its known-exploited list, confirming that attackers are already poking holes in one of the internet's most widely used hosting stacks.…