"Hackers Exploit MinIO Storage System to Breach Corporate Networks"

Hackers are exploiting two MinIO vulnerabilities to compromise object storage systems, gain access to private information, execute arbitrary code, and take control of servers. MinIO is an open-source object storage service compatible with Amazon S3 and capable of storing up to 50TB of unstructured data, logs, backups, and container images. MinIO is a popular, cost-effective option due to its high performance and adaptability, especially for Artificial Intelligence (AI)/Machine Learning (ML) and data lake applications. The two vulnerabilities discovered chained in attacks by Security Joes' incident responders are tracked as CVE-2023-28432 and CVE-2023-28434, two critical flaws affecting all versions of MinIO before RELEASE.2023-03-20T20-16-18Z. During an incident response engagement, analysts discovered that attackers attempted to deploy a modified version of the MinIO application, named Evil MinIO. This article continues to discuss hackers exploiting MinIO vulnerabilities to breach corporate networks. 

Bleeping Computer reports "Hackers Exploit MinIO Storage System to Breach Corporate Networks"