Public Redis exploit used by malware gang to grow botnet
Threat analysts report having spotted a change in the operations of the Muhstik threat group, which has now switched to actively exploiting a Lua sandbox escape flaw in Redis. [...]
Sandboxing isolates untrusted code or files so analysts and security tools can observe behavior and limit damage from malware.
Search across headline titles and summaries.
Background for this topic.
A sandbox is an isolated environment for running or inspecting software, files, or workloads without giving them the same access as the host system. In security, it commonly supports malware analysis, suspicious-file detonation, browser and application isolation, and safe testing of potentially vulnerable code. Isolation may rely on virtual machines, containers, operating-system controls, or combinations of these mechanisms.
Sandboxes reduce risk but are not automatically safe: vulnerabilities in the sandbox or hypervisor can enable an escape, and malware may detect analysis conditions and change its behavior. Effective deployments restrict privileges, filesystem access, credentials, and network connectivity; reset environments after use; and monitor activity. Analysts should also protect submitted samples, which can contain confidential data. Sandbox observations can supply threat-intelligence indicators and help validate detections, but a clean result is not proof that code is benign.
Threat analysts report having spotted a change in the operations of the Muhstik threat group, which has now switched to actively exploiting a Lua sandbox escape flaw in Redis. [...]
Western Digital's EdgeRover desktop app for both Windows and Mac are vulnerable to local privilege escalation and sandboxing escape bugs that could allow the disclosure of sensitive information or denial of service (DoS) attacks. [...]