Blue Mockingbird Exploiting Web Apps


Blue Mockingbird Exploiting Web Apps

A Monero cryptocurrency mining campaign has made the headlines exploiting a known vulnerability in public-facing web apps. These web apps are built on the ASP.NET open-source framework.

What is happening?

The campaign has been named Blue Mockingbird by Red Canary analysts who detected this operation. The threat actors have been found to exploit a deserialization vulnerability, CVE-2019-18935, that permits remote code execution. The bug is found in the Progress Telerik UI front-end offering for ASP.NET AJAX.

Read more…