Redis servers running on Debian and Ubuntu Linux are being targeted by the Muhstik malware gang through a Lua sandbox escape flaw, tracked as CVE-2022-0543, following the public release of a proof-of-concept exploit, BleepingComputer reports.
The Muhstik malware group began abusing the vulnerability to deploy malware that helps facilitate distributed denial-of-service attacks just a day after the PoC was released, according to a Juniper Threat Labs report.
Since its discovery in 2018, the suspected Chinese botnet has survived by leveraging new flaws to target numerous devices. Bugs it has targeted include the Oracle WebLogic Server vulnerabilities tracked as CVE-2017-10271 and CVE-2019-2725, as well as a Drupal RCE flaw tracked as CVE-2018-7600. Muhstik was also identified launching attacks against Confluence Servers in September, which involved the exploitation of CVE-2021-26084, before proceeding to exploit unpatched Apache Log4j implementations.
Organizations with Redis implementations have been advised to either update to the latest version or use Bionic, Trusty, and other non-vulnerable systems.