Web-based DNA sequencer applications are under attack from a mysterious hacker group using a still-unpatched zero-day to take control of targeted devices. The attacks started two days ago, on June 12, and are still ongoing, according to Ankit Anubhav, a security researcher with NewSky Security, who shared his findings with ZDNet.

Hackers planting shells on DNA sequencer web apps

Anubhav says the group, which operates from an Iran-based IP address, has been scanning the internet for dnaLIMS, a web-based application installed by companies and research institutes to handle DNA sequencing operations. The researcher told ZDNet the hacker is exploiting CVE-2017-6526, a vulnerability in dnaLIMS that remains unpatched to this day, after the vendor was notified back in 2017. Anubhav says the attackers are using this vulnerability to plant shells that allow them to control the underlying web server from remote locations.

Attack motives unknown

It is unclear how the group is using these backdoors into hacked systems post-infection. Anubhav says there could be two scenarios. In the first, the attacker may be looking to exfiltrate hashes of DNA sequences from the application’s database. “DNA theft in specific cases can be fruitful,” Anubhav said. “Either it can be sold on the black market, or a high profile attacker can actually be looking for a specific person’s data.” The second, and most plausible, scenario is that the attackers might be using the infected servers as…
ZDNet is a business technology news website published by CBS Interactive, along with TechRepublic. The brand was founded on April 1, 1991, as a general interest technology portal from Ziff Davis and evolved into an enterprise IT-focused online publication owned by CNET Networks.