thecyberthrone.in
192.0.78.151  Public Scan

URL: https://thecyberthrone.in/2024/10/30/psaux-ransomware-exploits-cyberpanel-vulnerabilities/
Submission: On December 17 via api from IN — Scanned from US

Form analysis 5 forms found in the DOM


Text Content


TheCyberThrone

Thinking Security ! Always



--------------------------------------------------------------------------------


PSAUX RANSOMWARE EXPLOITS CYBERPANEL VULNERABILITIES

BY PravinKarthik October 30, 2024

--------------------------------------------------------------------------------

The PSAUX ransomware has been seen exploiting CyberPanel vulnerabilities that
affect versions 2.3.6 and 2.3.7 and permit unauthenticated attackers to gain
root access, enabling complete control over affected systems.

The vulnerabilities are tracked as CVE-2024-51567, CVE-2024-51568, and
CVE-2024-51378, each with a CVSS v3.1 score of 10, and are being used to
compromise servers and deploy PSAUX ransomware. These vulnerabilities allow
unauthenticated remote root access.

 1. CVE-2024-51567: This vulnerability lies in the upgrademysqlstatus function
    within CyberPanel’s databases/views.py. By bypassing security middleware and
    leveraging shell metacharacters in the statusfile property, attackers gain
    remote command execution capability.
 2. CVE-2024-51568: This vulnerability is a command injection
    via completePath in the ProcessUtilities.outputExecutioner() function.
    Attackers can execute arbitrary commands through file upload in the File
    Manager, achieving remote code execution without authentication.
 3. CVE-2024-51378: This vulnerability affects the getresetstatus function
    in dns/views.py and ftp/views.py. Like the others, it allows remote command
    execution by bypassing the middleware, making it a high-risk flaw.

Threat intelligence from LeakIX revealed that 21,761 exposed CyberPanel
instances were online as of October 26, with nearly half located in the United
States. These instances collectively managed over 152,000 domains and databases,
forming a massive target for ransomware operators.

Cybersecurity researcher DreyAnd, credited with the discovery of the
vulnerabilities, first went public on October 27, sharing proof of concept (PoC)
exploits for the flaws. The demonstration included missing authentication,
command injection, and security filter bypass to effect a complete server
takeover through root-level remote code execution (RCE).

The PSAUX ransomware, which first surfaced in June 2024, is designed to
infiltrate web servers through both vulnerabilities and configuration
weaknesses. Upon exploitation, PSAUX performs malicious actions including, but
not limited to, encrypting files using AES keys, RSA-encrypting the AES keys
together with the initialization vector (IV), and displaying the ransom note
index.html.

This attack leveraged specialized scripts, including ak47.py for exploiting
CyberPanel’s vulnerabilities and actually.sh for file encryption.

In response to the attack, LeakIX released a decryptor for PSAUX-encrypted
files. However, administrators are cautioned to exercise care: the decryptor's
success relies on the ransomware operators’ use of known encryption keys. If an
incorrect decryption key is applied, it could result in irreversible data loss.
Users are advised to create backups before attempting decryption.

On October 29, CyberPanel issued an official statement acknowledging the
vulnerabilities, crediting the researchers for their rapid reporting, and
detailing remediation steps for affected users:

CyberPanel users are strongly urged to update their installations to the latest
patched versions available on GitHub.




Tags: CVE-2024-51378, CVE-2024-51567, CVE-2024-51568, Cyberpanel
vulnerabilities, PSAUX Ransomware, Security



© 2020-2024, TheCyberThrone.in, All Rights Reserved