The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: redis server

Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet

Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet

September 21, 2022Ravie Lakshmanan
An unknown attacker targeted tens of thousands of unauthenticated Redis servers exposed on the internet in an attempt to  install a cryptocurrency miner . It's not immediately known if all of these hosts were successfully compromised. Nonetheless, it was made possible by means of a "lesser-known technique" designed to trick the servers into writing data to arbitrary files – a case of  unauthorized access  that was first documented in September 2018. "The general idea behind this exploitation technique is to configure Redis to write its file-based database to a directory containing some method to authorize a user (like adding a key to '.ssh/authorized_keys'), or start a process (like adding a script to '/etc/cron.d')," Censys  said  in a new write-up. The attack surface management platform said it uncovered evidence (i.e., Redis commands) indicating efforts on part of the attacker to store malicious  crontab entries  into the file "/var/
75% of the 'Left to Get Hacked' Redis Servers Found Infected

75% of the 'Left to Get Hacked' Redis Servers Found Infected

June 05, 2018Wang Wei
Despite the continual emergence of new cyber attacks because of misconfigured servers and applications, people continue to ignore security warnings. A massive malware campaign designed to target open Redis servers, about which researchers warned almost two months ago, has now grown and already hijacked at least 75% of the total servers running publicly accessible Redis instances. Redis, or REmote DIctionary Server, is an open source, widely popular data structure tool that can be used as an in-memory distributed database, message broker or cache. Since it is designed to be accessed inside trusted environments, it should not be exposed on the Internet. Dubbed RedisWannaMine , a similar malware leveraging same loophole was discovered in late March by data center security vendor Imperva and designed to drop a cryptocurrency mining script on the targeted servers—both database and application. According to Imperva's March blog post , this cryptojacking threat was "more c
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.