Grafana Flaw CVE-2021-43798 Sees Surge in Exploits

Security researchers have detected a sudden and coordinated surge in exploitation attempts targeting a known Grafana path traversal vulnerability, CVE-2021-43798. Over a single day, 110 unique malicious IP addresses were observed scanning for vulnerable servers, with attacks focused on endpoints in just three geographic areas. The majority of the attack traffic originated from a single region, with most of the source IPs appearing for the first time on the day of the attack. The uniform targeting patterns and shared network fingerprints suggest a coordinated campaign using a common exploit kit rather than random scans. This activity highlights the ongoing risk posed by unpatched, older vulnerabilities, which are often used as an initial entry point in multi-stage attacks.

Latest mentioned: 10-03

Earliest mentioned: 10-03

Sources

securityonline.info gbhackers.com

Also Read

Salesforce Customer Data Leaked in Massive Extortion Plot

A hacking collective known as Scattered LAPSUS$ Hunters has launched a data leak site to extort dozens of companies. The group is threatening to release approximately one billion records stolen from victims' Salesforce instances if ransoms are not paid. High-profile organizations are listed on the site with samples of their stolen data, which includes sensitive customer and employee information. The threat actors are also pressuring Salesforce directly to pay a ransom to prevent the data of all its affected customers from being leaked. While the attacks targeted individual customer accounts, the cloud service provider states its core platform was not compromised.

10-03Read more →