Jared Stroud
Cloud Security Researcher – Lacework Labs

Key Points

- XMRigCC vulnerabilities enable rogue clients/compromised hosts/victims to attack upstream servers.
- Vulnerabilities include:
  - Arbitrary file writing w/ specific extension of “_config.json”.
  - Default configuration overwrite via client “worker-id” leading to potential client takeover.
  - Persistent XSS via client “worker-id”.
  - Remote Denial of Service via client “worker-id”.

Summary [...]
The post Hidden Bugs in The Mines: Examining Vulnerabilities within Cryptocurrency Miners appeared first on Lacework.