• @[email protected]
    link
    fedilink
    English
    1
    edit-2
    3 months ago

    maybe the number of files it scans looking for misconfigurations

    So how did it get into the system to be able to scan configuration files?

    • @[email protected]
      link
      fedilink
      English
      43 months ago

      Separate remote code execution vulnerability in unupdated versions of RocketMQ, a Chinese-developed messaging/streaming server, in the case of the infection described in the article. It’s possible that there are a few other RCE vulns it can make use of, but 20000 of them seems unlikely.