Security News > 2023 > July > Hackers exploit BleedingPipe RCE to target Minecraft servers, players
Hackers are actively exploiting a 'BleedingPipe' remote code execution vulnerability in Minecraft mods to run malicious commands on servers and clients, allowing them to take control of the devices.
BleedingPipe is a vulnerability found in many Minecraft mods caused by the incorrect use of deserialization in the 'ObjectInputStream' class in Java to exchange network packets between servers and clients.
In short, the attackers send specially crafted network packets to vulnerable Minecraft mod servers to take over the servers.
The threat actors can then use those hacked servers to exploit the flaws in the same Minecraft mods used by players that connect to the server, allowing them to install malware on those devices as well.
In a new report by a Minecraft security community, the researchers have found that the flaw impacts many Minecraft mods running on 1.7.10/1.12.2 Forge, which uses unsafe deserialization code.
MMPA says a threat actor is actively scanning for Minecraft servers on the internet that are impacted by this flaw to conduct attacks, so fixing any vulnerable mods installed on servers is essential.
News URL
Related news
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (source)
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials (source)
- Hackers exploit Roundcube webmail flaw to steal email, credentials (source)