An unknown Chinese state-sponsored hacking group has been linked to a novel piece of malware aimed at Linux servers. French cybersecurity firm ExaTrack, which found three samples of the previously documented malicious software that date back to early 2022, dubbed it Mélofée. One of the artifacts is designed to drop a kernel-mode rootkit that’s based […]
Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of a malware called ShellBot. “ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server,” AhnLab Security Emergency response Center (ASEC) said in […]
Recently, security analysts at SentinelOne got to know about an infamous IceFire ransomware that has been found attacking both Windows and Linux enterprise networks. An IceFire ransomware attack encrypts the files of the victim and demands payment in exchange for the key to decrypt them. This malware has been responsible for a great deal of […]
A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world. The intrusions entail the exploitation of a recently disclosed deserialization vulnerability in IBM Aspera Faspex file-sharing software (CVE-2022-47986, CVSS score: 9.8), according to cybersecurity company SentinelOne. […]
The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features designed to evade security software and resist reverse […]
A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices. Observed during the second half of 2022, the new version has been dubbed V3G4 by Palo Alto Networks Unit 42, which identified three different campaigns likely conducted by the same threat actor. […]
The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process. “The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying the ransom,” SentinelOne researcher Antonis Terefos said in […]
A new privilege escalation vulnerability has been identified in the Linux kernel by researcher Davide Ornaghi. This vulnerability might enable a local attacker to execute code on vulnerable computers with elevated rights if the kernel is installed on those systems. Additionally, Davide published the proof-of-concept and the write-up. The vulnerability, which has been assigned the […]
This flaw, which has been identified that affects the ksmbd NTLMv2 authentication in the Linux kernel, is known to quickly cause the operating system on Linux-based computers to crash. Namjae Jeon is the developer of KSMBD, which is an open-source In-kernel CIFS/SMB3 server designed for the Linux Kernel. It is an implementation of the SMB/CIFS […]
A new Linux malware developed using the shell script compiler (shc) has been observed deploying a cryptocurrency miner on compromised systems. “It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system,” AhnLab Security Emergency Response Center (ASEC) said in a […]
In an attempt to inject malicious JavaScript into WordPress plugins and themes that are outdated, a previously detected Linux malware that is unknown has been found exploiting 30 vulnerabilities. The targeted website is injected with malicious JavaScript code if any outdated versions of the vulnerable add-ons are used on the site, as they lack crucial […]
WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. “If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts,” Russian security vendor Doctor Web said in a […]
The use after free vulnerability, which is linked to ksmbd, affects computers running Linux distributions powered by kernels earlier than 5.15.61. This leaves susceptible systems open to cyberattacks from a remote location. SMB servers that have ksmbd enabled are vulnerable to hacking due to a serious vulnerability in the Linux kernel (CVSS score of 10). […]
A cryptocurrency mining attack targeting the Linux operating system also involved the use of an open source remote access trojan (RAT) dubbed CHAOS. The threat, which was spotted by Trend Micro in November 2022, remains virtually unchanged in all other aspects, including when it comes to terminating competing malware, security software, and deploying the Monero […]
A recently discovered security flaw in the Linux kernel might be exploited locally by an attacker to get elevated privileges on susceptible computers and run malicious script on such systems. The vulnerability, which has been assigned the tracking number CVE-2022-4139 and received a CVSS score of 7.0, affects impacted Linux kernel stable branches (all of […]
Redhat has just just published a risk advisory about a vulnerability in the Linux Kernel that allows for local privilege escalation. This vulnerability is tracked as CVE-2022-3910 (CVSS score: 7.4). This vulnerability is referred to be a use-after-free problem, and it can be found in io uring on the Update of Reference Count. io uring […]
The local privilege escalation vulnerability in the Linux Kernel was reported by Redhat, and its CVE code is 2022-3977. The problem is that the most recent Linux kernel upstream contains a use-after-free vulnerability called mctp sk unhash that may be exploited to elevate privileges to root. When a program tries to utilize memory that has […]
It appears that 16 malicious campaigns have been carried out by a Russian-speaking ransomware group called OldGremlin (aka TinyScouts). A combination of these campaigns was launched by the operators over the course of two and a half years targeting the organizations that are operating within the transcontinental Eurasian nation. The cybersecurity analysts at Group-IB affirmed […]
The OverlayFS file system implementation in the Linux kernel is where the vulnerability, CVE-2021-3493, exist. Although it only seems to impact Ubuntu, it allows a local user without administrative rights to get root access. The vulnerability is now included in CISA’s “Known Exploited Vulnerabilities Catalog,” and government entities have until November 10 to fix their […]
The Linux kernel WiFi stack has five serious flaws, according to research, which a hacker might use to execute arbitrary code or inflict a denial of service. CVE-2022-42719 The vulnerability, identified as CVE-2022-42719, was brought on by a use-after-free issue in the multi-BSSID element’s ieee802 11 parse elems full function of net/mac80211/util.c. A remote authenticated […]
A security investigator has discovered three new code execution flaws in the Linux kernel that might be exploited by a local or external adversary to take control of the vulnerable computers and run arbitrary code.The roccat_report_event function in drivers/hid/hid-roccat.c has a use-after-free vulnerability identified as CVE-2022-41850 (CVSS score: 8.4). A local attacker might exploit this […]