Kinsing Hackers Exploit 'Looney Tunables' Linux Bug to Steal Cloud Credentials

November 6, 2023 at 08:26 PM

•

1 min read

Kinsing Hackers Exploit 'Looney Tunables' Linux Bug to Steal Cloud Credentials — Photo: BleepingComputer

TL;DR Summary

Hackers behind the Kinsing malware are targeting vulnerable cloud environments by exploiting the Linux security issue known as "Looney Tunables" (CVE-2023-4911), which allows attackers to gain root privileges. The Kinsing malware, known for deploying cryptomining software, has been observed breaching cloud-based systems and applications such as Kubernetes, Docker APIs, Redis, and Jenkins. The attack involves exploiting a vulnerability in the PHP testing framework 'PHPUnit' to gain code execution, followed by leveraging the Looney Tunables issue for privilege escalation. The attackers are also interested in obtaining cloud service provider credentials, indicating a shift towards more sophisticated activities.

Topics:technology #cloud-environments #cve-2023-4911 #cybersecurity #kinsing-malware #linux-security #looney-tunables

Share this article

Hackers exploit Looney Tunables Linux bug, steal cloud creds BleepingComputer
‘Looney Tunables’ Glibc Vulnerability Exploited in Cloud Attacks SecurityWeek
Kinsing Cyberattackers Debut 'Looney Tunables' Cloud Exploits DARKReading
Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments The Hacker News
Exploited 'Looney Tunables' Linux privileged escalation bug linked to Kinsing threat actor SC Media
View Full Coverage on Google News

Reading Insights

Total Reads

Unique Readers

Time Saved

2 min

vs 3 min read

Condensed

78%

440 → 96 words

Want the full story? Read the original article

Read on BleepingComputer

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights