Patch now! Ransomware attacks on servers observed with CyberPanel
Attackers are exploiting critical vulnerabilities in servers on which CyberPanel is installed. A secure version is available.
(Image: Black_Kira/Shutterstock.com)
Attackers from the PSAUX ransomware gang are currently targeting servers with the CyberPanel control panel. The developers have now released a security patch. Admins must act now.
The warning about the attacks comes from the support section of the CyberPanel website. The problem is publicly accessible admin interfaces, where the attackers exploit two"critical" vulnerabilities (CVE-2024-51567, CVE-2024-51568).
Security issues
The vulnerabilities were discovered by a security researcher with the pseudonym DreyAnd. He describes the security problem in detail in an article. During his investigation, he discovered three core problems: CyberPanel does not check authentication globally, but for individual subpages. This means that certain areas are not protected by authentication. In addition, user input is not sufficiently sanitized so that commands with malicious code can get through. Furthermore, security filter rules were comparatively easy to circumvent.
Videos by heise
As a result, remote attacks are possible without authentication and attackers can access servers with root rights. In such a position, far-reaching access is possible and attackers can completely compromise systems. According to media reports, PSAUX attackers have already attacked around 22,000 instances.
Patch now!
CyberPanel versions 2.3.5, 2.3.6 and 2.3.7 are threatened by the vulnerabilities. Admins should install the latest version quickly using the upgrade function. The developers are not currently specifying the name of the repaired version.
(des)
