Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables (CVE-2023-4911) vulnerability to covertly install cryptomining software into cloud-native environments. Kinsing (aka Money Libra) is a threat actor group that has been active since late 2021, targeting cloud-native environments and applications – Kubernetes clusters, Docker API, Redis, Jenkins and Openfire servers, cloud-hosted Apache NiFi instances, and so on – to deploy cryptominers. Kinsing exploiting PHPUnit and Looney Tunables vulnerabilities In this latest attack … More

The post Looney Tunables bug exploited for cryptojacking appeared first on Help Net Security.