Unknown threat actors have been seen using MinIO’s high-performance object storage system’s high-severity security holes as weapons to execute unauthorized code on vulnerable systems.
Security Joes, a company that specializes in cybersecurity and crisis response, claimed that the attack used a publicly accessible exploit chain to backdoor the MinIO instance.
the first of which was posted to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) list of Known Exploited Vulnerabilities (KEV) on April 21, 2023, consists of CVE-2023-28432 (CVSS score: 7.5) and CVE-2023-28434 (CVSS score: 8.8).
The two flaws “possess the potential to expose sensitive information present within the compromised installation read more Hackers Exploit MinIO Storage System Vulnerabilities to Compromise Servers.
Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.