According to BKAV experts, CVE-2023-29489 is one of the typical web vulnerabilities, allowing hackers to steal user data such as information, access sessions... allowing command execution, controlling the web server remotely. The vulnerability affects cPanel management ports 2080, 2082, 2083, 2086 and applications running on default web service ports 80 and 443. That means millions of websites managed by cPanel are at risk of being attacked, especially when the exploit code (PoC) has been published.

Mr. Nguyen Van Cuong, Director of Cyber ​​Security of Bkav said: “cPanel is a website hosting management software, with more than 1.4 million installations connecting to the Internet. A cPanel manages from one to many websites, so the scope of influence will be very wide.”

BKAV recorded that in Vietnam, there were more than 2,500 installations of cPanel software. Given the serious impact of this vulnerability, BKAV recommends that units using cPanel immediately do the following: Immediately update to the latest versions, set up automatic update mode for cPanel.

At the same time, units using cPanel software, on both web systems running on ports 80 and 433, need to review the entire system to promptly detect and handle attacks.

Previously, BKAV discovered a serious supply chain attack campaign targeting the update of 3CXDesktopApp, a software of 3CX Company (USA) on both Windows and macOS.

3CXDesktopApp is an application for calling and customer care for businesses. This application has versions for popular operating systems including Windows, macOS and Linux.

Experts said that hackers inserted APT spyware into the update, which was digitally signed by 3CX itself, and then sent it to users' computers through automatic or manual updates. The victim's computer will have all information controlled and taken over. This is also a springboard for hackers to penetrate deep into the internal systems of businesses and organizations by escalating privileges. Experts said that hackers have prepared the infrastructure for the attack since February 2022 and accessed 3CX's system from at least November to December 2022.

In Vietnam, BKAV has recorded at least 318 units and organizations using 3CXDesktopApp, including many large enterprises and financial institutions. Given the particularly serious impact of this attack campaign, BKAV recommends that units using 3CXDesktopApp software immediately do the following: Close and disconnect all internet connections of the system to stop hacker intrusion and control. Update to the latest version of 3CXDesktopApp. Contact specialized cybersecurity units to conduct a comprehensive review of their entire system, including servers, workstations and cloud systems, to thoroughly remove spyware.

OFFICE STYLE