Recent reports from threat monitoring platform GreyNoise reveal a significant increase in cyber attacks targeting two critical vulnerabilities from 2022 and 2023. The vulnerabilities affect the ThinkPHP Framework (CVE-2022-47945) and ownCloud file-sharing solution (CVE-2023-49103).

ThinkPHP Vulnerability
The ThinkPHP Framework vulnerability (CVE-2022-47945) allows unauthorized remote attackers to execute system commands through a local file inclusion flaw. GreyNoise has detected attacks from 572 unique IP addresses, showing increased activity despite its low 7% EPSS rating. Chinese threat actors have been actively exploiting this vulnerability since October 2023.

ownCloud Vulnerability
CVE-2023-49103, affecting ownCloud’s file-sharing platform, enables attackers to access sensitive information including admin passwords and server credentials. The vulnerability, stemming from a third-party library dependency, was listed among 2023’s top 15 most exploited vulnerabilities by FBI, CISA, and NSA. Recent activity shows attacks originating from 484 unique IP addresses.

Security Recommendations:
– Upgrade ThinkPHP to version 6.0.14 or later
– Update ownCloud GraphAPI to version 0.3.1 or newer
– Take vulnerable systems offline or implement firewall protection
– Regularly monitor and patch security vulnerabilities

Despite available patches, many systems remain unprotected and exposed to these active threats, emphasizing the importance of timely security updates and system maintenance.