Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers

A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed Panchan by Akamai Security Research, the malware “utilizes its built-in concurrency features to maximize spreadability and execute malware modules” and “harvests SSH keys to perform lateral movement.” The feature-packed botnet, which […]

HelloXD Ransomware Installing Backdoor on Targeted Windows and Linux Systems

Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts. “Unlike other ransomware groups, this ransomware family doesn’t have an active leak site; instead it prefers to direct the impacted victim to negotiations through […]

New rootkit malware for Linux is undetectable and is quickly spreading throughout Latin America. Protect your servers before it’s too late

BlackBerry ThreatVector researchers detailed a new malware strain for Linux systems that feeds on the resources of the hosts it compromises. Dubbed Symbiote, the strain is described as highly sophisticated, with a parasitic behavior not seen before, and it is spreading rapidly throughout Latin America. The main feature of Symbiote […]

Symbiote: A Stealthy Linux Malware Targeting Latin American Financial Sector

Cybersecurity researchers have taken the wraps off what they call a “nearly-impossible-to-detect” Linux malware that could be weaponized to backdoor infected systems. Dubbed Symbiote by threat intelligence firms BlackBerry and Intezer, the stealthy malware is so named for its ability to conceal itself within running processes and network traffic and drain a victim’s resources like […]

New Windows Subsystem For Linux Malware Steals Credentials & Record Keystrokes

Interest in targeting the Windows Subsystem for Linux (WSL) keeps growing: attackers continue to develop new WSL-based malware as they study the subsystem for ways to abuse it. A sample of this kind is well suited to espionage and to downloading additional malicious components. […]

A New Linux-based Botnet Targeting Vulnerabilities in Web Servers & Android Devices

A new botnet is extending its reach with code borrowed from several existing malware families. Its operators are doing so by rapidly adding exploits for vulnerabilities recently identified in:
- Web servers
- Content management systems
- IoT devices
- Android devices
As of March, when the latest analysis of the botnet emerged, […]

EnemyBot Linux Botnet Now Exploits Web Server, Android and CMS Vulnerabilities

A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities in its arsenal to target web servers, Android devices, and content management systems (CMS). “The malware is rapidly adopting one-day vulnerabilities as part of its exploitation capabilities,” AT&T Alien Labs said in a technical write-up published last week. “Services […]

Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices

A Linux botnet malware known as XorDdos has witnessed a 254% surge in activity over the last six months, according to latest research from Microsoft. The trojan, so named for carrying out denial-of-service attacks on Linux systems and its use of XOR-based encryption for communications with its command-and-control (C2) server, is known to have been […]
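The XorDdos summary above mentions XOR-based encryption of the trojan's C2 traffic. The following is an added example, not XorDdos's code nor Microsoft's analysis, showing how an analyst recovers a repeating XOR key from a captured message by known plaintext and then decrypts the rest of the capture. The key (`KEY`), the message (`SAMPLE_PLAIN`) and the assumed fixed header (`CRIB`) are constructed for this example and are not the real malware's values or wire format.

```python
"""Known-plaintext recovery of a repeating XOR key from a captured C2 message.

Added example for this page; it is not XorDdos's code nor Microsoft's analysis.
KEY, SAMPLE_PLAIN and CRIB are constructed here and are not the real malware's values.
"""
from typing import Optional, Tuple

# Hypothetical 11-byte key (all bytes distinct, so wrong key lengths are rejected quickly).
KEY = b"x7Kq2Vb9Rp4"
# Constructed bot-to-C2 message; the real XorDdos wire format is not reproduced here.
SAMPLE_PLAIN = b"BOT:hello from node-17|CMD:attack tcp 203.0.113.7:80 300\n"
# Plaintext the analyst assumes every message starts with (the "crib").
CRIB = b"BOT:hello from node-17|"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(ct: bytes, crib: bytes, offset: int, key_len: int) -> Optional[bytes]:
    """Derive key bytes as ct[i] ^ crib[i] for a crib placed at `offset`.

    Returns None when two crib positions that map to the same key index disagree
    (wrong key_len or offset) or when the crib does not cover every key byte.
    """
    key: list = [None] * key_len
    for i, p in enumerate(crib):
        pos = offset + i
        if pos >= len(ct):
            return None
        k = ct[pos] ^ p
        idx = pos % key_len
        if key[idx] is None:
            key[idx] = k
        elif key[idx] != k:
            return None
    if any(k is None for k in key):
        return None
    return bytes(key)


def find_key(ct: bytes, crib: bytes) -> Optional[Tuple[int, bytes]]:
    """Search every crib offset and key length; return the first consistent key.

    Key lengths are capped at len(crib) // 2 so every key byte is checked by at
    least two crib positions; otherwise any crib would "fit" a key as long as itself.
    """
    max_key_len = len(crib) // 2
    for offset in range(0, len(ct) - len(crib) + 1):
        for key_len in range(1, max_key_len + 1):
            key = recover_key(ct, crib, offset, key_len)
            if key is not None:
                return offset, key
    return None


def decrypt_capture(ct: bytes, crib: bytes) -> Optional[bytes]:
    """Recover the key from the crib and decrypt the whole captured message."""
    found = find_key(ct, crib)
    if found is None:
        return None
    _, key = found
    return xor_bytes(ct, key)


if __name__ == "__main__":
    captured = xor_bytes(SAMPLE_PLAIN, KEY)  # stands in for bytes pulled from a pcap
    print("recovered:", find_key(captured, CRIB))
    print("decrypted:", decrypt_capture(captured, CRIB))
```

The crib has to be at least twice the key length, which is why the search caps the key length at half the crib; with a shorter crib, a wrong length can never be contradicted. In practice the crib comes from a decrypted sample or from strings in the binary, and the same routine is then run over every message in the capture.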

New Sysrv Botnet Variant Hijacking Windows and Linux with Crypto Miners

Microsoft is warning of a new variant of the Sysrv botnet that’s exploiting multiple security flaws in web applications and databases to install coin miners on both Windows and Linux systems. The tech giant, which has called the new version Sysrv-K, is said to weaponize an array of exploits to gain control of web servers. […]

CVE-2022-0543: Vulnerability in Redis with 10/10 CVSS score. Thousands of Linux servers affected

A couple of months ago Ubuntu and Debian maintainers published security advisories for CVE-2022-0543, a vulnerability in the Redis package as shipped by those distributions, rated 10/10 under the Common Vulnerability Scoring System (CVSS). According to the advisories, insufficient sanitization of the Lua environment employed by Redis, […]

2 critical vulnerabilities in the Linux operating system allow backdoors to be installed with root privileges

A Microsoft security report details a set of vulnerabilities that would allow threat actors to escalate privileges on Linux systems and deploy ransomware, backdoors and other severe threats. The flaws, collectively identified as Nimbuspwn, can be exploited to gain root privileges on compromised systems. Nimbuspwn refers to the […]

Microsoft Discovers New Privilege Escalation Flaws in Linux Operating System

Microsoft on Tuesday disclosed a set of two privilege escalation vulnerabilities in the Linux operating system that could potentially allow threat actors to carry out an array of nefarious activities. Collectively called “Nimbuspwn,” the flaws “can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, […]

New “B1txor20” Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw

A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits. Qihoo 360’s Netlab security team called it B1txor20 “based on its propagation using the file name ‘b1t,’ the XOR encryption algorithm, and the RC4 algorithm […]
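The B1txor20 summary above says the backdoor tunnels its traffic over DNS. As an added example (not Netlab's analysis code nor anything from the malware itself), the script below scores resolver query-log lines for the pattern a DNS tunnel leaves behind: many unique, long, high-entropy subdomains under a single zone from one client, often as TXT queries. The log format, the thresholds, the sample traffic and the `example.net` tunnel zone are all constructed assumptions; the zone split (last two labels) is a simplification and a real deployment would use the public suffix list.

```python
"""Heuristic DNS-tunnel detection over resolver query-log lines.

Added example for this page; it is not Netlab's analysis code nor anything from
B1txor20 itself. The log format, thresholds and sample traffic are constructed.
"""
import math
from collections import defaultdict
from typing import Dict, Iterator, List, Tuple

# Constructed query log in the form "<timestamp> <client-ip> <qtype> <qname>".
# 10.0.0.5 performs ordinary lookups; 10.0.0.7 shows the tunnel pattern: many
# unique, high-entropy, hex-looking subdomains under one zone, all TXT queries.
# example.net is a hypothetical tunnel zone for this example, not a real indicator.
SAMPLE_LOG = """\
2022-03-10T10:00:01Z 10.0.0.5 A www.example.com
2022-03-10T10:00:02Z 10.0.0.5 A mail.example.com
2022-03-10T10:00:03Z 10.0.0.5 A static-assets-eu-west-1.cdn.example.org
2022-03-10T10:00:04Z 10.0.0.5 A static-assets-eu-west-1.cdn.example.org
2022-03-10T10:00:05Z 10.0.0.7 TXT a3f0c9e1b72d5846.6d1e4b09f8a2c375.example.net
2022-03-10T10:00:06Z 10.0.0.7 TXT 6d1e4b09f8a2c375.5c8b2f1a7e0d3964.example.net
2022-03-10T10:00:07Z 10.0.0.7 TXT 5c8b2f1a7e0d3964.91e7a0f4b6c2d835.example.net
2022-03-10T10:00:08Z 10.0.0.7 TXT 91e7a0f4b6c2d835.a3f0c9e1b72d5846.example.net
2022-03-10T10:00:09Z 10.0.0.7 TXT a3f0c9e1b72d5846.5c8b2f1a7e0d3964.example.net
2022-03-10T10:00:10Z 10.0.0.7 TXT 6d1e4b09f8a2c375.91e7a0f4b6c2d835.example.net
"""

MIN_UNIQUE_SUBDOMAINS = 5  # a tunnel must vary the name to carry new data
MIN_MEAN_ENTROPY = 3.0     # bits per character; word-like labels sit well below this
MIN_MEAN_LEN = 20          # subdomain characters with dots removed
DATA_QTYPES = {"TXT", "NULL"}  # record types that carry the most bytes downstream


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for empty or single-symbol strings)."""
    if not s:
        return 0.0
    counts: Dict[str, int] = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str) -> Tuple[str, str]:
    """Return (zone, subdomain); zone = last two labels (assumption, see lead-in)."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return ".".join(labels), ""
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def parse_log(text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (client, qtype, qname) from the constructed 4-field log format."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        _, client, qtype, qname = parts
        yield client, qtype.upper(), qname


def analyze(text: str) -> Dict[Tuple[str, str], dict]:
    """Aggregate per (client, zone) and apply the three tunnel heuristics."""
    per: Dict[Tuple[str, str], dict] = defaultdict(
        lambda: {"subdomains": set(), "queries": 0, "data_qtype": 0})
    for client, qtype, qname in parse_log(text):
        zone, sub = split_name(qname)
        rec = per[(client, zone)]
        rec["queries"] += 1
        if qtype in DATA_QTYPES:
            rec["data_qtype"] += 1
        if sub:
            rec["subdomains"].add(sub)
    report = {}
    for key, rec in per.items():
        subs = [s.replace(".", "") for s in rec["subdomains"]]
        mean_len = sum(map(len, subs)) / len(subs) if subs else 0.0
        mean_ent = sum(map(shannon_entropy, subs)) / len(subs) if subs else 0.0
        flagged = (len(subs) >= MIN_UNIQUE_SUBDOMAINS
                   and mean_ent >= MIN_MEAN_ENTROPY
                   and mean_len >= MIN_MEAN_LEN)
        report[key] = {
            "unique_subdomains": len(subs),
            "mean_len": mean_len,
            "mean_entropy": mean_ent,
            "data_qtype_ratio": rec["data_qtype"] / rec["queries"],
            "flagged": flagged,
        }
    return report


def suspicious_zones(text: str) -> List[Tuple[str, str]]:
    """(client, zone) pairs that trip every heuristic, sorted for stable output."""
    return sorted(k for k, v in analyze(text).items() if v["flagged"])


if __name__ == "__main__":
    for key, stats in analyze(SAMPLE_LOG).items():
        print(key, stats)
    print("suspicious:", suspicious_zones(SAMPLE_LOG))
```

The long CDN-style name is deliberately in the sample: on its own its entropy is high enough to look suspicious, which is why the detector requires many distinct subdomains under the zone rather than scoring individual names. The TXT/NULL ratio is reported as a supporting signal rather than a requirement, since tunnels can also run over A and CNAME lookups.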

Severe vulnerability in Linux kernel allows hackers to escape from a container to execute arbitrary commands on the affected host. CVSS 7.0/10

Cybersecurity specialists report the detection of a severe vulnerability in the Linux kernel whose exploitation would allow threat actors to escape from a container to execute arbitrary commands. The flaw was tracked as CVE-2022-0492 and received a score of 7/10 according to the Common Vulnerability Scoring System (CVSS). The flaw was described as a privilege […]

New Linux LPE vulnerability affects millions of Ubuntu, Debian, CentOS and Fedora servers worldwide. Exploit code published

Cybersecurity specialists report a critical vulnerability in the pkexec component of Polkit whose exploitation allows any local user to obtain root privileges on the main Linux distributions. Tracked as CVE-2021-4034, the flaw can only be exploited locally, which reduces the risk of remote attack. Dubbed “PwnKit”, the flaw has been present for about 12 years, so […]

SysJoker Malware Targets Windows, Mac & Linux to Steal Sensitive Data

A new multi-platform malware has been detected in the wild recently by the security experts at Intezer that is stealing users’ sensitive data from all the major platforms:
- Windows
- Mac
- Linux
This malware has been named ‘SysJoker,’ and it comes with several stealthy features; among them is the capability to circumvent detection on […]

New SysJoker backdoor attacks Windows, Linux, and macOS devices

Cybersecurity specialists from Intezer reported a new cross-platform malware variant capable of infecting Windows, macOS and Linux systems. Dubbed SysJoker, the malware is highly evasive; at the time of analysis even VirusTotal failed to flag the Linux and macOS builds. This malware variant was first identified in mid-2021 during a cyberattack targeting a Linux-based […]

New SysJoker Espionage Malware Targeting Windows, macOS, and Linux Users

A new cross-platform backdoor called “SysJoker” has been observed targeting machines running Windows, Linux, and macOS operating systems as part of an ongoing espionage campaign that’s believed to have been initiated during the second half of 2021. “SysJoker masquerades as a system update and generates its [command-and-control server] by decoding a string retrieved from a […]