Security News
An unknown attacker targeted tens of thousands of unauthenticated Redis servers exposed on the internet in an attempt to install a cryptocurrency miner. The SSH key is said to have been set on 15,526 out of 31,239 unauthenticated Redis servers, suggesting that the attack was attempted on "Over 49% of known unauthenticated Redis servers on the internet."
Security researchers have noticed an increase in the number of databases publicly exposed to the Internet, with 308,000 identified in 2021. In the first quarter of 2022, the number of exposed databases peaked at 91,200 instances, researchers at threat intelligence and research company Group-IB say in a report shared with BleepingComputer.
The U.S. Cybersecurity and Infrastructure Security Agency has ordered federal civilian agencies to patch, within the next three weeks, a Google Chrome zero-day and a critical Redis vulnerability actively exploited in the wild. The Muhstik malware gang has added a dedicated spreader exploit for the Redis Lua sandbox escape vulnerability after a proof-of-concept exploit was publicly released on March 10th. According to a binding operational directive issued in November, Federal Civilian Executive Branch agencies must secure their systems against these vulnerabilities, with CISA giving them until April 18th to patch.
Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system. The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine.
The Muhstik malware gang is now actively targeting and exploiting a Lua sandbox escape vulnerability in Redis after a proof-of-concept exploit was publicly released. On March 10th, a proof-of-concept exploit was publicly released on GitHub, allowing malicious actors to run arbitrary Lua scripts remotely, achieving sandbox escape on the target host.
A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of its malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group Rocke, the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities and harbors new evasion tactics to sidestep cybersecurity companies' detection methods, Palo Alto Networks' Unit 42 researchers said in a Thursday write-up.
The financially-motivated Rocke hackers are using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable instances of Apache ActiveMQ, Oracle WebLogic, and Redis. The new malware is a step up from the previous threat used by the group in that it comes with self-spreading capabilities, blindly throwing exploits at discovered machines.
ScaleGrid has just announced support for their MySQL, PostgreSQL and Redis solutions on DigitalOcean. ScaleGrid's MySQL, PostgreSQL and Redis solutions on DigitalOcean are competitively priced starting at just $15/GB, the same as DigitalOcean's Managed Database solution, but offer on average 30% more storage for the same price.
Redis Labs announced a new strategic agreement with Microsoft to deliver Redis Enterprise as new, fully integrated tiers of Azure Cache for Redis. The new service offering, available in Private Preview, will unlock the power of Redis for Azure customers' mission-critical workloads through advanced, enterprise-grade functionality, including Redis on Flash, modules, and, in the future, the ability to create an active geo-redundant cache for hybrid-cloud architectures.
Redis Labs, the home of Redis and provider of Redis Enterprise, announced the availability of Redis 6.0 and the rollout of Redis Enterprise 6.0 beginning with the company's cloud offering. Redis Enterprise 6.0 builds on the open-source release with role-based access control and support for Redis Streams for Active-Active databases to give customers foundational new security and operational capabilities as they increasingly rely on Redis for primary-database use cases.