Researchers uncover botnet targeting decade-old CMS vulnerability

The results of a six-month investigation into a botnet that targets a vulnerability in content management systems have been released today by Imperva Research Labs. The botnet known as 'KashmirBlack' first appeared around November 2019 and is still active. It's managed by a single command and control server and uses more than 60 servers -- mostly innocent surrogates -- as part of its infrastructure. KashmirBlack exploits the PHPUnit RCE vulnerability to infect its victim -- despite it being a known, patchable vulnerability that is almost a decade old. The hackers are likely targeting CMS because they are notorious for poor… [Continue Reading]