"Cyberattackers Swarm Openfire Cloud Servers With Takeover Barrage"
The cybercriminal group Kinsing has returned, exploiting a previously disclosed path traversal vulnerability in the Openfire enterprise messaging application to create unauthenticated admin users. They can then upload malware and a Monero cryptominer to compromised platforms after gaining complete control of Openfire cloud servers. In less than two months, Aqua Nautilus researchers have observed over 1,000 attacks exploiting the Openfire vulnerability, tracked as CVE-2023-32315, which was disclosed and fixed in May. Openfire is a web-based real-time collaboration (RTC) server used as a chat platform over XMPP that supports over 50,000 concurrent users. This article continues to discuss the Kinsing threat group exploiting an Openfire vulnerability.
Dark Reading reports "Cyberattackers Swarm Openfire Cloud Servers With Takeover Barrage"