Is Keycloak 1.8 susceptible to this vulnerability?
Cisco Talos has identified millions of vulnerable JBoss servers that can potentially be infected with SamSam ransomware
Attackers used a JBoss-specific exploit called JexBoss -- a Jboss verification and exploitation tool -- to compromise vulnerable servers and then install webshells and backdoors
for remote access. Cisco Talos researchers found that compromised JBoss servers typically have more than one webshell installed, suggesting that the systems have been repeatedly compromised by different actors. The list of webshells include mela, shellinvoker, jbossinvoker, zecmd, cmd, genesis, sh3ll, and
jbot.
__________________________
BEN BAZIAN
Director, Information Systems
MBO Partners
t: 703.793.6010
f: 703.793.6079
e: bbazian@mbopartners.com
w: mbopartners.com
s: Twitter | Linkedin | Facebook
Notice: This email and any files transmitted with it are confidential. They are intended solely for the use of the individual addressed. If you have received this
email in error please notify postmaster@mbopartners.com and permanently delete the e-mail and files.