Cybercriminals have taken advantage of multiple vulnerabilities in CyberPanel to install ransomware and force tens of thousands of instances offline. Victims might be in luck though, since a decryption key appears to be available.
A cybersecurity researcher alias DreyAnd has announced finding three major vulnerabilities in CyberPanel 2.3.6, and possibly 2.3.7, which allowed for remote code execution, and arbitrary system commands execution.
They even published a proof-of-concept (PoC) to demonstrate how to take over a vulnerable server.
Decrypting the ransomware
CyberPanel is an open source web hosting control panel that simplifies the management of web servers and websites. It was built upon LiteSpeed, and allows users to manage websites, databases, domains, and emails. CyberPanel is especially popular for its integration with LiteSpeed’s OpenLiteSpeed server and LSCache, which enhance website speed and performance.
This prompted CyberPanel’s developers to issue a fix and post it on GitHub. Whoever downloads CyberPanel from GitHub, or upgrades an existing version, will get the fix. However, the tool did not get a new version, and the vulnerabilities were not assigned a CVE.
As reported by BleepingComputer, there were more than 21,000 internet-connected and vulnerable endpoints out there, roughly half of which were located in the US. Soon after the PoC was published, the number of visible instances dropped to mere hundreds. Some researchers confirmed that threat actors deployed the PSAUX ransomware variant, forcing the devices offline. Apparently, more than a hundred thousand domains and databases were managed through CyberPanel.
The PSAUX ransomware was named after a…
Read full post on Tech Radar
Discover more from Technical Master - Gadgets Reviews, Guides and Gaming News
Subscribe to get the latest posts sent to your email.
