Censys researchers have discovered more than 39,000 unauthenticated Redis servers exposed to the internet that an unknown attacker has been targeting to deploy cryptocurrency miners, The Hacker News reports.
"The general idea behind this exploitation technique is to configure Redis to write its file-based database to a directory containing some method to authorize a user (like adding a key to '.ssh/authorized_keys'), or start a process (like adding a script to '/etc/cron.d')," said Censys.
While there is no evidence that all of these hosts were successfully compromised, Censys found that the attackers attempted to write malicious crontab entries to the "/var/spool/cron/root" file in order to execute a shell script. China, the U.S., Germany, Singapore, and India had the most exposed and unauthenticated Redis services, while China and the U.S. had the most exposed data.
"Israel is one of the only regions where the number of misconfigured Redis servers outnumber the properly configured ones," said Censys.
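The write primitive Censys describes (point Redis's `dir` and `dbfilename` at a cron spool or `.ssh` directory, then `SAVE`) leaves a configuration that can be checked for from the outside. The following is an added example, not Censys' tooling or the attacker's script: it speaks just enough of the RESP wire protocol to `PING` a server and read `CONFIG GET dir` / `CONFIG GET dbfilename`, then flags the combination the attack relies on. The function names, the suspicious-directory list and the sample replies are constructed for illustration.

```python
"""Audit for the Redis persistence-abuse technique above (added example).

Not Censys' code. Asks a server PING, CONFIG GET dir and CONFIG GET dbfilename
over RESP and flags a dir inside a cron spool, cron.d or .ssh directory with a
dbfilename that is not an .rdb dump. Transports are pluggable, so the sample
replies below (constructed, not captured from a real host) run offline.
"""
import socket
from typing import Callable, Dict, List, Tuple

# Directories the technique writes into (cron spool, cron.d) plus .ssh for authorized_keys.
SUSPICIOUS_DIRS = ("/var/spool/cron", "/etc/cron.d", "/.ssh")
# Filenames that turn an RDB dump into a crontab or an SSH key file.
SUSPICIOUS_FILENAMES = ("root", "authorized_keys", "crontab")

Transport = Callable[[bytes], bytes]


class RedisError(Exception):
    """A RESP error reply ('-NOAUTH ...', '-DENIED ...'); returned, not raised."""


def resp_encode(*args: str) -> bytes:
    """Encode a command as a Redis client sends it: a RESP array of bulk strings."""
    parts = [f"*{len(args)}\r\n".encode()]
    for arg in args:
        raw = arg.encode()
        parts.append(b"$%d\r\n%s\r\n" % (len(raw), raw))
    return b"".join(parts)


def resp_decode(data: bytes) -> Tuple[object, bytes]:
    """Minimal RESP2 parser; returns (value, unconsumed bytes).

    Error replies come back as RedisError instances so '-NOAUTH' can be
    treated as a (good) result instead of a crash.
    """
    kind, rest = data[:1], data[1:]
    line, _, rest = rest.partition(b"\r\n")
    if kind == b"+":
        return line.decode(), rest
    if kind == b"-":
        return RedisError(line.decode()), rest
    if kind == b":":
        return int(line), rest
    if kind == b"$":
        length = int(line)
        if length == -1:  # null bulk string
            return None, rest
        return rest[:length].decode(), rest[length + 2:]
    if kind == b"*":
        items = []
        for _ in range(int(line)):
            item, rest = resp_decode(rest)
            items.append(item)
        return items, rest
    raise ValueError(f"unsupported RESP type byte {kind!r}")


def persistence_risk(config_dir: str, dbfilename: str) -> List[str]:
    """Findings for a (dir, dbfilename) pair; an empty list means a normal dump location."""
    findings = []
    d = config_dir.rstrip("/")
    if any(d == s or d.startswith(s + "/") or d.endswith(s) for s in SUSPICIOUS_DIRS):
        findings.append(f"dir is set to {config_dir}")
    if dbfilename in SUSPICIOUS_FILENAMES or not dbfilename.endswith(".rdb"):
        findings.append(f"dbfilename {dbfilename!r} is not an .rdb dump")
    return findings


def audit(transport: Transport) -> Dict[str, object]:
    """Probe one server through `transport` and report whether it is open and misconfigured."""
    pong, _ = resp_decode(transport(resp_encode("PING")))
    if isinstance(pong, RedisError):
        # requirepass or protected mode answered for us: not unauthenticated.
        return {"unauthenticated": False, "findings": [], "reply": str(pong)}
    result: Dict[str, object] = {"unauthenticated": True, "findings": []}
    values = {}
    for name in ("dir", "dbfilename"):
        reply, _ = resp_decode(transport(resp_encode("CONFIG", "GET", name)))
        if isinstance(reply, RedisError):
            # Open server, but CONFIG was renamed/disabled: the write primitive is gone.
            result["reply"] = str(reply)
            return result
        values[name] = reply[1]  # CONFIG GET replies [name, value]
    result["findings"].extend(persistence_risk(values["dir"], values["dbfilename"]))
    return result


def tcp_transport(host: str, port: int = 6379, timeout: float = 3.0) -> Transport:
    """Real transport: one TCP connection per command (these replies fit in one recv)."""
    def send(command: bytes) -> bytes:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(command)
            return sock.recv(4096)
    return send


def fake_transport(replies: Dict[bytes, bytes]) -> Transport:
    """Offline transport backed by constructed replies keyed by the encoded command."""
    return lambda command: replies[command]


# Constructed replies imitating a server left the way the attack configures it.
EXPOSED_REPLIES = {
    resp_encode("PING"): b"+PONG\r\n",
    resp_encode("CONFIG", "GET", "dir"): b"*2\r\n$3\r\ndir\r\n$15\r\n/var/spool/cron\r\n",
    resp_encode("CONFIG", "GET", "dbfilename"): b"*2\r\n$10\r\ndbfilename\r\n$4\r\nroot\r\n",
}
# Constructed reply from a server with requirepass set.
HARDENED_REPLIES = {resp_encode("PING"): b"-NOAUTH Authentication required.\r\n"}

if __name__ == "__main__":
    for label, replies in (("exposed", EXPOSED_REPLIES), ("hardened", HARDENED_REPLIES)):
        print(label, audit(fake_transport(replies)))
```

Against a live host you are authorized to test, pass `tcp_transport(host)` to `audit()` instead of a fake. A server with `requirepass` set, or with protected mode (default since Redis 3.2) refusing non-loopback clients, fails the first probe, and a `rename-command CONFIG ""` in redis.conf removes the `dir`/`dbfilename` write primitive even on an open instance; both outcomes are reported rather than treated as errors.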
Ukrainian hacktivist group IT Army has claimed responsibility for a major distributed denial-of-service attack on Leonardo, a Russian airline booking system used by more than 50 Russian carriers, according to The Record, the news site of cybersecurity firm Recorded Future.
New attacks with the updated SysUpdate toolkit have been deployed by Chinese advanced persistent threat operation Budworm, also known as APT27, Emissary Panda, Bronze Union, Lucky Mouse, Iron Tiger, and Red Phoenix, against an Asian government and a Middle East-based telecommunications provider, reports The Hacker News.
Threat actors have used 45 malicious NPM and PyPI packages for wide-ranging data theft in a campaign that began on Sept. 12, according to BleepingComputer.