Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. Threat actors are exploiting a critical vulnerability, tracked as CVE-2022-0543, in Redis (Remote Dictionary Server) servers.
Redis (remote dictionary server) is an open source in-memory database and cache.
The CVE-2022-0543 flaw is a Lua sandbox escape flaw that impacts Debian and Debian-derived Linux distributions. The vulnerability, which was rated 10 out of 10 for severity, could be exploited by a remote attacker with the ability to execute arbitrary Lua scripts to possibly escape the Lua sandbox and execute arbitrary code on the underlying machine.
In March 2022, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added this flaw to its Known Exploited Vulnerabilities Catalog.