Threat Actors Target DNA Sequencing Software

Threat actors are actively exploiting the CVE-2017-6526 vulnerability in dnaLIMS, a popular web-based bioinformatics laboratory information management system used by many scientific, academic, and medical institutions to process and manage DNA sequencing requests. The vulnerability originates from an improperly protected web shell. A POST request to view its page can be used to bypass authentication checks. Successful exploitation can result in DNA theft and for use in other exploits. At the time of this writing, there are no patches available. The NJCCIC recommends users patch systems as updates become available. We advise administrators to place the software behind a firewall, allow only users from certain IP addresses to access the web server (or specific directories), and use a VPN when remote access is performed. For more information, please review the Help Net Security article and the Shorebreak Security Product Security Advisory.