September 12, 2024 By Bill Toulas
Hackers have been leveraging publicly available exploit code for two critical vulnerabilities in the WhatsUp Gold network availability and performance monitoring solution from Progress Software.
The two flaws exploited in attacks since August 30 are SQL injection vulnerabilities tracked as CVE-2024-6670 and CVE-2024-6671 that allow retrieving encrypted passwords without authentication.
Although the vendor addressed the security issues more than two weeks ago, many organizations have yet to update the software, and threat actors are capitalizing on the delay.