Security
Headlines
HeadlinesLatestCVEs

Tag

#redis

New Linux Malware Alert: ‘Spinning YARN’ Hits Docker, Other Key Apps

By Deeba Ahmed Another day, another Linux malware! This is a post from HackRead.com Read the original post: New Linux Malware Alert: ‘Spinning YARN’ Hits Docker, Other Key Apps

HackRead
Open in Source
#vulnerability#web#linux#ddos#apache#redis#nodejs#rce#botnet#vmware#auth#docker
GHSA-wrqv-pf6j-mqjp: Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination

### Summary A vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. The issue arises from the re-use of a global buffer (BUF) in stream_wrap.ts used as a performance optimization to limit allocations during these asynchronous read operations. This can lead to data intended for one session being received by another session, potentially resulting in data corruption and unexpected behavior. ### Details A bug in Deno's Node.js compatibility runtime results in data cross-reception during simultaneous asynchronous reads from Node.js network streams. When multiple independent network socket connections are involved, this vulnerability can be triggered. For instance, two separate server sockets that receive data from their respective client sockets and then echo the received data back to the client using Node.js streams may experience an issue where data fro...

New Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain

By Waqas Bifrost RAT, also known as Bifrose, was originally identified two decades ago in 2004. This is a post from HackRead.com Read the original post: New Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain

Backdoor.Win32.Agent.amt MVID-2024-0673 Authentication Bypass / Code Execution

Backdoor.Win32.Agent.amt malware suffers from bypass and code execution vulnerabilities.

Backdoor.Win32.Jeemp.c MVID-2024-0672 Hardcoded Credential

Backdoor.Win32.Jeemp.c malware suffers from a hardcoded credential vulnerability.

Backdoor.Win32.AutoSpy.10 MVID-2024-0671 Remote Command Execution

Backdoor.Win32.AutoSpy.10 malware suffers from a remote command execution vulnerability.

Russian Ministry Software Backdoored with North Korean KONNI Malware

By Waqas Friend or Foe? This is a post from HackRead.com Read the original post: Russian Ministry Software Backdoored with North Korean KONNI Malware

Backdoor.Win32.Armageddon.r MVID-2024-0670 Hardcoded Credential

Backdoor.Win32.Armageddon.r malware suffers from a hardcoded credential vulnerability.

New Linux Malware “Migo” Exploits Redis for Cryptojacking, Disables Security

By Deeba Ahmed Migo Malware Campaign: User-Mode Rootkit Hides Cryptojacking on Linux Systems. This is a post from HackRead.com Read the original post: New Linux Malware “Migo” Exploits Redis for Cryptojacking, Disables Security

New Migo Malware Targeting Redis Servers for Cryptocurrency Mining

A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on compromised Linux hosts. "This particular campaign involves the use of a number of novel system weakening techniques against the data store itself," Cado security researcher Matt Muir said in a technical report. The cryptojacking attack is facilitated