Late final year, Cisco's Talos intelligence as well as inquiry grouping discovered three critical remote code execution (RCE) vulnerabilities inwards Memcached that exposed major websites including Facebook, Twitter, YouTube, Reddit, to hackers.
Memcached is a pop open-source as well as easily deployable distributed caching scheme that allows objects to travel stored inwards memory.
The Memcached application has been designed to speed upwards dynamic spider web applications (for illustration php-based websites) past times reducing stress on the database that helps administrators to increase surgical operation as well as scale spider web applications.
It's been well-nigh 8 months since the Memcached developers bring released patches for 3 critical RCE vulnerabilities (CVE-2016-8704, CVE-2016-8705 as well as CVE-2016-8706) but tens of thousands of servers running Memcached application are nonetheless vulnerable, allowing attackers to bag sensitive information remotely.
Researchers at Talos conducted Internet scans on ii different occasions, i inwards tardily Feb as well as some other inwards July, to notice out how many servers are nonetheless running the vulnerable version of the Memcached application.
And the results are surprising...
Results from Feb Scan:
- Total servers exposed on the Internet — 107,786
- Servers nonetheless vulnerable — 85,121
- Servers nonetheless vulnerable but withdraw authentication — 23,707
And the overstep five countries amongst most vulnerable servers are the United States, followed past times China, United Kingdom, French Republic as well as Germany.
Results from July Scan:
- Total servers exposed on the Internet — 106,001
- servers nonetheless vulnerable — 73,403
- Servers nonetheless vulnerable but withdraw authentication — 18,012
After comparison results from both the Internet scans, researchers learned that solely 2,958 servers constitute vulnerable inwards Feb scan had been patched earlier July scan, piece the remaining are nonetheless left vulnerable to the remote hack.
Data Breach & Ransom Threats
This ignorance past times organisations to apply patches on fourth dimension is concerning, equally Talos researchers warned that these vulnerable Memcached installations could travel an slow target of ransomware attacks similar to the i that striking MongoDB databases inwards tardily December.
Although dissimilar MongoDB, Memcached is non a database, it "can nonetheless comprise sensitive information as well as disruption inwards the service availability would surely Pb to farther disruptions on subject services."
The flaws inwards Memcached could let hackers to supersede cached content amongst their malicious i to deface the website, serve phishing pages, ransom threats, as well as malicious links to hijack victim's machine, placing hundreds of millions of online users at risk.
"With the recent spate of worm attacks leveraging vulnerabilities this should travel a scarlet flag for administrators some the world," the researchers concluded.
"If left unaddressed the vulnerabilities could travel leveraged to impact organisations globally as well as touching on concern severely. It is highly recommended that these systems travel patched at i time to assist mitigate the gamble to organisations."
Customers as well as organisations are advised to apply the land equally presently equally possible fifty-fifty to Memcached deployments inwards "trusted" environments, equally attackers amongst existing access could target vulnerable servers to motion laterally inside those networks.
Share This :
comment 0 Comments
more_vert