A critical flaw in the widely used SugarCRM customer relationship management system was taken advantage of just days after an exploit was made public.
Although it is unknown how long the flaw has been known or whether it has ever been used in targeted attacks, mass exploitation seems to have begun in early January. On December 28, 2022, someone posted a proof-of-concept (PoC) exploit for what they claimed to be a SugarCRM zero-day vulnerability that permits remote code execution and authentication bypass on the Full Disclosure mailing list.
Also Read: Researchers Issue a Critical Bug Warning for the Realtek Wi-Fi Module
On January 4, a researcher issued a cautionary post on Mastodon stating that the exploit had been used to distribute malware that was mining cryptocurrencies.
Read More: Recently Disclosed Vulnerability Exploited to Hack Hundreds of SugarCRM Servers
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates