When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
First things first - the two vulnerabilities being abused here are tracked as CVE-2023-46805, and CVE-2024-21887.
The former carries a severity score of 8.2, while the latter 9.1.
Sliver, on the other hand, is an open-source, cross-platform post-exploitation framework built in the Go language.
Some use it as an alternative to Cobalt Strike, it was said.
These include not just Sliver, but also Brute Ratel, Viper, Meterpreter, and Havoc.
Apparently, hackers started ditching Cobalt Strike due to stronger defenses being set up by their targets.
Sliver was developed by a cybersecurity firm called BishopFox.
Besides Sliver, some hackers are apparently using these vulnerabilities to install XMRig on the vulnerable endpoints.
XMRig is a cryptojacker that hijacks the devices computing power and quietly mines the Monero cryptocurrency for the attackers.
ViaThe Hacker News
