Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw


Malicious actors are exploiting critical vulnerabilities in Progress Software’s WhatsUp Gold, just hours after the release of a proof-of-concept (PoC) for CVE-2024-6670, which allows attackers to retrieve encrypted passwords. Despite patches being available, the PoC led to opportunistic attacks within five hours of its release on August 30, 2024. Threat actors are using the WhatsUp Gold Active Monitor PowerShell Script to deploy remote access tools, potentially indicating ransomware activity. This is the second instance of WhatsUp Gold vulnerabilities being actively exploited in recent months.

Read More


thumb-image

Solutions