Saturday , February 1 2025
Geoserver

Hacker to exploite GeoServer Vulnerability to Deploy Malware

infosecbulletin Tuesday , September 10 2024 Cyber Attack, Vulnerabilities

Researchers at Fortinet unveiled hackers to exploit GeoServer RCE vulnerability deploying malware relating to the vulnerability tracked as “CVE-2024-36401, has a CVSS score of 9.8.

The report said, for the poor design of the Open Geospatial Consortium (OGC) Web Feature Service (WFS) and Web Coverage Service (WCS) standards, the published flaw helps the unauthenticated external command execution exploit through structured attack input.

Indian tech giant Tata Tech hit by ransomware attack

By infosecbulletin / Saturday , February 1 2025
Tata Technologies reported a ransomware incident affecting some IT services, but it did not disrupt client deliveries, according to a...
Read More
Indian tech giant Tata Tech hit by ransomware attack

Vulnarabilitties found in Cisco webex and VMware Aria operation

By infosecbulletin / Friday , January 31 2025
A serious cybersecurity flaw in Cisco Webex Chat has been discovered, allowing unauthorized attackers to access the chat histories of...
Read More
Vulnarabilitties found in Cisco webex and VMware Aria operation

Microsoft to boost M365 bounty program rewards Up to $27,000

By infosecbulletin / Friday , January 31 2025
Microsoft has announced a major expansion of its Microsoft 365 Bounty Program. The program now covers new Viva products for...
Read More
Microsoft to boost M365 bounty program rewards Up to $27,000

DeepSeek reveils over 1 million chat records; Italy Bans DeepSeek

By infosecbulletin / Friday , January 31 2025
Chinese AI startup DeepSeek has exposed two databases with sensitive user and operational information from its DeepSeek-R1 LLM model. Unsecured...
Read More
DeepSeek reveils over 1 million chat records; Italy Bans DeepSeek

Microsoft brings DeepSeeK to Azure AI Foundry and GitHub

By infosecbulletin / Thursday , January 30 2025
Microsoft has added DeepSeek’s R1 AI model to its Azure AI Foundry platform and GitHub. This lets customers easily integrate...
Read More
Microsoft brings DeepSeeK to Azure AI Foundry and GitHub

Hackers leverage Google’s subdomains, phone number to attack victims

By infosecbulletin / Thursday , January 30 2025
Scammers called a victim using Google's official support number and sent an email from an official subdomain. It's unclear how...
Read More
Hackers leverage Google’s subdomains, phone number to attack victims

DeepSeek Sensitive data exposed To Web: Wiz report

By infosecbulletin / Thursday , January 30 2025
New York-based cybersecurity firm Wiz has discovered sensitive data from the Chinese AI startup DeepSeek that was accidentally exposed on...
Read More
DeepSeek Sensitive data exposed To Web: Wiz report

“FirePass” starts its operation in Bangladesh officially

By infosecbulletin / Wednesday , January 29 2025
FirePass, a fire prevention and suppression system is officially started its operation in Bangladesh. Smart Data brings the world class...
Read More
“FirePass” starts its operation in Bangladesh officially

PoC Exploit Released for TP-Link Router XSS Vuln

By infosecbulletin / Wednesday , January 29 2025
A newly found XSS vulnerability, CVE-2024-57514, in the TP-Link Archer A20 v3 Router has raised security concerns for users. CVE-2024-57514 is...
Read More
PoC Exploit Released for TP-Link Router XSS Vuln

CVE-2024-40891
Zyxel CPE Zero-Day Exploited in the Wild

By infosecbulletin / Wednesday , January 29 2025
Security researchers have alerted about ongoing exploitation attempts of a newly found zero-day command injection vulnerability in Zyxel CPE Series...
Read More
CVE-2024-40891 Zyxel CPE Zero-Day Exploited in the Wild

GeoServer RCE Vulnerability:

Various threat actor took the advantages of this flaw to propagate malware in different countries and regions. GOREVERSE, a reverse proxy tool, and SideWalk, a Linux backdoor developed by APT41 are some of Malware. In addition, the malware used ChaCha20 and XOR encryption for traffic hiding and C2 communications. If hacker deploy Fast Reverse Proxy (FRP) tool it masks malicious data with legitimate traffic making.

According to the report , crypto miners connected to pools like SupportXMR and used scripts to uninstall cloud monitor agent applications and other means to deactivate security features which could harm to the affected organizations.

To counter this critical vulnerability, the original XPath expression evaluator was replaced by the “JXPathUtils.newSafeContext” function, which is considered safe.

Users are advised to take additional precautions to ensure the software to updated and patched, ensuring that there are surveillance tools in place for threats, and also making sure that access is very limited. However, all these steps are crucial in mitigating risks associated with potential exploits.

In effect, such concerns can be resolved by users before the GeoServer environments are deployed for use, consequently shielding the geospatial data infrastructure from compromise and threats as well as the functionality of that infrastructure as an open source one.

GeoServer is an open-source server for sharing geospatial data, and this open-source software server is written in Java.

It publishes data from any major spatial data source using open standards. GeoServer is designed for teamwork and allows users to share, process, and edit geospatial data.

Check Also

Apple

Apple fixed year’s first actively exploited zero-day flaw

Apple has issued security updates to address a zero-day flaw affecting iPhone users that is …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin