The cybersecurity researchers at Lumen’s Black Lotus Labs asserted that in order to mine crypto-currencies and launch DDoS attacks, hackers are deploying an existing botnet called Chaos, which is rapidly expanding, to target and infect Windows and Linux devices. There are also various architectures that can be affected by this Go-based malware, and it includes […]
A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. “Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through […]
A Linux variant of the SideWalk backdoor has been developed by Chinese hackers who the Chinese government supports. Microsoft Windows OS-based systems belonging to academic institutions are targeted with this backdoor. A high level of confidence is assigned to the threat group SparklingGoblin, also known as Earth Baku, as the source of the malware. Moreover, […]
A critical flaw in the Linux kernel has been identified by a security expert (CVE-2022-2964, CVSS score: 7.8) that an adversary may use to execute arbitrary code. An adversary might utilize the CVE-2022-2964 flaw to run arbitrary code or bring about a DoS attack on the system by delivering a specifically designed request. Currently, security […]
A new stealthy Linux malware known as Shikitega that infects computers and IoT devices via a series of payloads. The malware makes use of privilege elevation, adds persistence on the host via crontab, and finally launches a crypto-miner on infected devices. Shikitega is quite stealthy, managing to evade antivirus detection by using a polymorphic encoder […]
A new piece of stealthy Linux malware called Shikitega has been uncovered adopting a multi-stage infection chain to compromise endpoints and IoT devices and deposit additional payloads. “An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist,” AT&T Alien Labs said in […]
Details of an eight-year-old security vulnerability in the Linux kernel have emerged that the researchers say is “as nasty as Dirty Pipe.” Dubbed DirtyCred by a group of academics from Northwestern University, the security weakness exploits a previously unknown flaw (CVE-2022-2588) to escalate privileges to the maximum level. “DirtyCred is a kernel exploitation concept that […]
The Dirty Cred Linux kernel attack was unveiled at the Black Hat security conference last week.The CVE-2022-0847 vulnerability was found by PhD student Zhenpeng Lin and his colleagues, who attempted to exploit the Linux kernel similarly to the classic Dirty Pipe vulnerability but using different strategies. A kernel exploitation concept called “DirtyCred” swaps out non-privileged […]
A pair of reports from cybersecurity firms SEKOIA and Trend Micro sheds light on a new campaign undertaken by a Chinese threat actor named Lucky Mouse that involves leveraging a trojanized version of a cross-platform messaging app to backdoor systems. Infection chains leverage a chat application called MiMi, with its installer files compromised to download […]
The Cyber Security Agency of the United States (CISA) added to its catalog of vulnerabilities that are being actively exploited a recently discovered flaw in UnRAR. About the UnRAR vulnerability As CVE-2022-30333, this is a path traversal vulnerability in the version of RAR for Linux and UNIX systems. If successfully exploited, a malicious actor is […]
We can say that Kali Linux is one of the most important distributions in terms of computer security. Now they have released their new version, Kali Linux 2022.3, which brings some interesting news. As usual, they add some features and also fix certain bugs that may have appeared in the previous version. We are going […]
A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022. “This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers […]
Previously undetected malware called Lightning Framework that targets Linux systems can be used as a backdoor using SSH and deploy rootkits to cover the tracks of attackers. Described as a “Swiss Army Knife” in a report published today by Intezer, the Lightning Framework is modular malware that also comes with plugin support. “This framework has […]
A new ransomware family dubbed Luna was identified by Kaspersky Security researchers recently and it has been claimed that it’s written in Rust. With its use of the programming language, it becomes the third strain to use the language after BlackCat and Hive. There are many operating systems that can be encrypted with Luna, and […]
A never-before-seen Linux malware has been dubbed a “Swiss Army Knife” for its modular architecture and its capability to install rootkits. This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate frameworks developed for targeting Linux systems. “The framework has both […]
Kaspersky security researchers have disclosed details of a brand-new ransomware family written in Rust, making it the third strain after BlackCat and Hive to use the programming language. Luna, as it’s called, is “fairly simple” and can run on Windows, Linux, and ESXi systems, with the malware banking on a combination of Curve25519 and AES […]
Cybersecurity researchers have taken the wraps off a new and entirely undetected Linux threat dubbed OrBit, signally a growing trend of malware attacks geared towards the popular operating system. The malware gets its name from one of the filenames that’s utilized to temporarily store the output of executed commands (“/tmp/.orbit”), according to cybersecurity firm Intezer. […]
A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. “The updates include the deployment of new versions of a crypto miner and an IRC bot,” Microsoft Security Intelligence said in a series of tweets […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue, tracked as CVE-2021-4034 (CVSS score: 7.8), came to light in January 2022 and concerns a case of local privilege escalation in polkit’s pkexec utility, […]
Amazon Linux team is advising its clients about a critical vulnerability affecting Linux servers. Amazon Linux 2 is a Linux operating system from Amazon Web Services (AWS). It offers a security-focused, stable, and high-performance OS to develop and run cloud applications. In 2021, critical vulnerabilities in the Java log4j package were published that affected Apache […]
In order to conceal malicious processes, a new Linux rootkit malware dubbed, ‘Syslogk’ has been hacking computers by using specially crafted “magic packets” and specially crafted exploits to wake up a hidden backdoor that is hidden on the machine. The new malware was discovered by researchers at the antivirus firm Avast. Based on an open-source […]