The Kinsing Malware is related to a campaign targeting misconfigured Docker Daemon API ports. This allows for threats like coinminers to spread in Linux-based environments. However, there are cases reported of utilizing CVE-2020-7961 to drop the threat in a regular Linux machine.
- Intrusion Prevention
1010225 - Liferay Portal Untrusted Deserialization Vulnerability (CVE-2020-7961)
- Deep Discovery Inspector Detection
DDI RULE 4383 - CVE-2020-7961 - LIFERAY PORTAL RCE EXPLOIT - HTTP (Request)
- Endpoint security solutions should be at the latest build version with the latest patterns.
- Update Liferay Portal if version is 7.2.1 CE GA2 and below.
- Use IPS Rule 1010225 - Liferay Portal Untrusted Deserialization Vulnerability (CVE-2020-7961)