Tag

Kinsing Malware

All articles tagged with #kinsing malware

cybersecurity · 2 years ago

Kinsing Malware Exploits Apache ActiveMQ RCE for Rootkit Infiltration

The Kinsing malware is exploiting a critical vulnerability (CVE-2023-46604) in Apache ActiveMQ to compromise Linux systems. Despite a patch being released, thousands of servers remain exposed, allowing ransomware gangs like HelloKitty and TellYouThePass to take advantage. Kinsing targets Linux systems and deploys cryptocurrency miners on vulnerable servers. The malware uses the ProcessBuilder method to execute malicious bash scripts and download additional payloads, evading detection. It establishes persistence through a cronjob and adds a rootkit to ensure its code executes with every process on the system. Organizations are urged to upgrade Apache ActiveMQ to mitigate the threat.

cybersecurity · 2 years ago

Kinsing Hackers Exploit 'Looney Tunables' Linux Bug to Steal Cloud Credentials

Hackers behind the Kinsing malware are targeting vulnerable cloud environments by exploiting the Linux security issue known as "Looney Tunables" (CVE-2023-4911), which allows attackers to gain root privileges. The Kinsing malware, known for deploying cryptomining software, has been observed breaching cloud-based systems and applications such as Kubernetes, Docker APIs, Redis, and Jenkins. The attack involves exploiting a vulnerability in the PHP testing framework 'PHPUnit' to gain code execution, followed by leveraging the Looney Tunables issue for privilege escalation. The attackers are also interested in obtaining cloud service provider credentials, indicating a shift towards more sophisticated activities.