Recherche : [Redis] - Cyberveille

Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own https://www.bleepingcomputer.com/news/security/hackers-exploit-vmware-esxi-microsoft-sharepoint-zero-days-at-pwn2own/

18/05/2025 12:15:10

During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox.
The highlight was a successful attempt from Nguyen Hoang Thach of STARLabs SG against the VMware ESXi, which earned him $150,000 for an integer overflow exploit.

Dinh Ho Anh Khoa of Viettel Cyber Security was awarded $100,000 for hacking Microsoft SharePoint by leveraging an exploit chain combining an auth bypass and an insecure deserialization flaw.

Palo Alto Networks' Edouard Bochin and Tao Yan also demoed an out-of-bounds write zero-day in Mozilla Firefox, while Gerrard Tai of STAR Labs SG escalated privileges to root on Red Hat Enterprise Linux using a use-after-free bug, and Viettel Cyber Security used another out-of-bounds write for an Oracle VirtualBox guest-to-host escape.

In the AI category, Wiz Research security researchers used a use-after-free zero-day to exploit Redis and Qrious Secure chained four security flaws to hack Nvidia's Triton Inference Server.

On the first day, competitors were awarded $260,000 after successfully exploiting zero-day vulnerabilities in Windows 11, Red Hat Linux, and Oracle VirtualBox, reaching a total of $695,000 earned over the first two days of the contest after demonstrating 20 unique 0-days.

The Pwn2Own Berlin 2025 hacking competition focuses on enterprise technologies, introduces an AI category for the first time, and takes place during the OffensiveCon conference between May 15 and May 17.

CVE-2024-31227: Finding a DoS Vulnerability in Redis https://docs.axelmierczuk.io/posts/cve-2024-31227

09/10/2024 20:11:10

A case study on advanced fuzzing techniques for network services.

New P2Pinfect version delivers miners and ransomware on Redis servers https://securityaffairs.com/164968/malware/p2pinfect-delivers-miners-ransomware-on-redis.html

27/06/2024 08:45:03

Researchers warn that the P2Pinfect worm is targeting Redis servers with ransomware and cryptocurrency mining payloads.

HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware

01/02/2023 21:42:57

HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign
Aqua Nautilus researchers discovered a new elusive and severe threat that has been infiltrating and residing on servers worldwide since early September 2021. Known as HeadCrab, this advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers. The HeadCrab botnet has taken control of at least 1,200 servers.

This blog will delve into the details of the HeadCrab attack, examining its methods of operation, techniques used to evade detection, and steps organizations can take to safeguard their systems.

Liens par page

Filtres