Browsing tag: Linux

New Payment Data Stealing Malware Hides in Nginx Process on Linux Servers

E-commerce platforms in the U.S., Germany, and France have come under attack from a new form of malware that targets Nginx servers in an attempt to masquerade its presence and slip past detection by security solutions. “This novel code injects itself into a host Nginx application and is nearly invisible,” Sansec Threat Research team said […]

CronRAT: A New Linux Malware That’s Scheduled to Run on February 31st

Researchers have unearthed a new remote access trojan (RAT) for Linux that employs a never-before-seen stealth technique that involves masking its malicious actions by scheduling them for execution on February 31st, a non-existent calendar day. Dubbed CronRAT, the sneaky malware “enables server-side Magecart data theft which bypasses browser-based security solutions,” Sansec Threat Research said. The […]
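The stealth trick described above is worth turning into a check. Cron validates each schedule field only against its own range (day-of-month 1-31, month 1-12), not whether the combination is a real calendar date, so an entry for February 31st is accepted and stored in the crontab even though it can never fire. The scanner below is an added example, not Sansec's code or anything from the original article; the sample crontab it runs over is constructed, and the function and variable names are my own. It also handles a caveat a practitioner needs: Vixie-style cron runs a job when either day field matches once both day-of-month and day-of-week are restricted, so an impossible day-of-month paired with a non-`*` day-of-week can still execute.

```python
"""Flag crontab entries scheduled on calendar days that do not exist.

Added example for the CronRAT technique: cron checks that day-of-month is
1-31 and month is 1-12, but never that the pair is a real date, so
'52 23 31 2 * cmd' is accepted and simply never runs.  Entries whose every
(month, day) pair is impossible are reported, together with whether a
day-of-week fallback could still make them fire.
"""

# Maximum day per month; February is 29 because Feb 29 exists in leap years,
# so only Feb 30 and Feb 31 are impossible.
DAYS_IN_MONTH = {1: 31, 2: 29, 3: 31, 4: 30, 5: 31, 6: 30,
                 7: 31, 8: 31, 9: 30, 10: 31, 11: 30, 12: 31}

MONTHS = {"jan": 1, "feb": 2, "mar": 3, "apr": 4, "may": 5, "jun": 6,
          "jul": 7, "aug": 8, "sep": 9, "oct": 10, "nov": 11, "dec": 12}

# Constructed sample in user-crontab format (no user column), not a real capture.
SAMPLE_CRONTAB = """\
# constructed sample, not a real capture
SHELL=/bin/sh
MAILTO=root
0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
*/15 * * * * /usr/local/bin/healthcheck
52 23 31 2 * /tmp/.x/run.sh
0 0 31 4,6,9,11 * /var/tmp/.cache/update
0 0 29 2 * /opt/backup/leap-day.sh
0 0 31 2 1 /tmp/.x/weekly.sh
@reboot /usr/local/bin/start-agent
"""


def _parse(line):
    """Return (dom, mon, dow) for a job line, or None for blank lines,
    comments, environment assignments and @reboot-style entries."""
    s = line.strip()
    if not s or s[0] in "#@":
        return None
    fields = s.split(None, 5)
    if len(fields) < 6 or "=" in fields[0]:
        return None
    return fields[2], fields[3], fields[4]


def expand_field(field, lo, hi, names=None):
    """Expand one cron field into the set of integers it matches.
    Handles '*', lists (1,15), ranges (1-5), steps (*/10, 1-31/2) and
    case-insensitive month names (jan..dec)."""
    names = names or {}
    values = set()
    for part in field.lower().split(","):
        step = 1
        if "/" in part:
            part, step = part.split("/", 1)
            step = int(step)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            a, b = part.split("-", 1)
            start, end = int(names.get(a, a)), int(names.get(b, b))
        else:
            start = int(names.get(part, part))
            end = hi if step > 1 else start  # cronie reads '5/2' as 5..hi step 2
        values.update(range(start, end + 1, step))
    return values


def schedule_pairs(entry):
    """All (month, day) pairs the entry's day-of-month and month fields select."""
    parsed = _parse(entry)
    if parsed is None:
        return set()
    dom, mon, _ = parsed
    return {(m, d) for m in expand_field(mon, 1, 12, MONTHS)
            for d in expand_field(dom, 1, 31)}


def impossible_pairs(entry):
    """Sorted (month, day) pairs in the schedule that are not real dates."""
    return sorted(p for p in schedule_pairs(entry) if p[1] > DAYS_IN_MONTH[p[0]])


def no_real_date(entry):
    """True when every (month, day) pair in the schedule is impossible.
    '0 0 31 * *' is NOT flagged: it has real dates in the 31-day months."""
    pairs = schedule_pairs(entry)
    return bool(pairs) and all(d > DAYS_IN_MONTH[m] for m, d in pairs)


def never_fires(entry):
    """True only when no real date exists AND day-of-week is '*'.  With both
    day fields restricted, Vixie cron fires when either one matches, so
    '0 0 31 2 1 cmd' still runs every Monday in February."""
    parsed = _parse(entry)
    return parsed is not None and no_real_date(entry) and parsed[2] == "*"


def scan_crontab(text):
    """Return (line_no, entry, impossible_pairs, never_fires) for each
    entry whose schedule contains no real calendar date."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if no_real_date(line):
            findings.append((no, line.strip(), impossible_pairs(line), never_fires(line)))
    return findings


if __name__ == "__main__":
    for no, entry, pairs, dead in scan_crontab(SAMPLE_CRONTAB):
        status = "never fires" if dead else "fires via day-of-week fallback"
        print(f"line {no}: {entry!r}: impossible dates {pairs} ({status})")
```

Run it against `crontab -l -u <user>` output for every account, including system ones, and against the per-user files under the spool directory; `/etc/crontab` and `/etc/cron.d/*` carry an extra user column, so shift the field indices by one before applying the same checks there.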

New Golang-based Linux Malware Targeting eCommerce Websites

Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that’s capable of stealing payment information from compromised websites. “The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms,” researchers from Sansec Threat Research said in an analysis. […]

BotenaGo botnet malware targeting millions of IoT devices

The malware is currently targeting Linux-based routers and IoT devices through botnets. The IT security researchers at AT&T Alien Labs have tracked down malware utilizing over 30 different exploits to compromise routers and Internet of Things (IoT) devices. According to their analysis, the malware is an early beta version linked with the infamous Mirai botnet. […]

Abcbot — A New Evolving Wormable Botnet Malware Targeting Linux

Researchers from Qihoo 360’s Netlab security team have released details of a new evolving botnet called “Abcbot” that has been observed in the wild with worm-like propagation features to infect Linux systems and launch distributed denial-of-service (DDoS) attacks against targets. While the earliest version of the botnet dates back to July 2021, new variants observed […]

Critical RCE Vulnerability Reported in Linux Kernel’s TIPC Module

Cybersecurity researchers have disclosed a security flaw in the Linux Kernel’s Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. Tracked as CVE-2021-43267 (CVSS score: 9.8), the heap overflow vulnerability “can be exploited locally […]

New Linux kernel memory corruption bug causes full system compromise

Researchers dubbed it a “straightforward Linux kernel locking bug” that they exploited against Debian Buster’s 4.19.0-13-amd64 kernel. In 2017, McAfee researchers disclosed a memory corruption bug inside the Linux kernel’s UDP fragmentation offload (UFO) that allowed unauthorized individuals to gain local privilege escalation. The bug affected both IPv4 and IPv6 code paths running kernel version 4.8.0 […]

Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems

Cybersecurity researchers have detailed a new campaign that likely targets entities in Southeast Asia with a previously unrecognized Linux malware that’s engineered to enable remote access for its operators, in addition to amassing credentials and functioning as a proxy server. The malware family, dubbed “FontOnLake” by Slovak cybersecurity firm ESET, is said to feature “well-designed […]

New Malware Targets Windows Subsystem for Linux to Evade Detection

A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. The “distinct tradecraft” marks the first instance where a threat actor has been […]

Linux Implementation of Cobalt Strike Beacon Targeting Organizations Worldwide

Researchers on Monday took the wraps off a newly discovered Linux and Windows re-implementation of Cobalt Strike Beacon that’s actively set its sights on government, telecommunications, information technology, and financial institutions in the wild. The as-yet undetected version of the penetration testing tool — codenamed “Vermilion Strike” — marks one of the rare Linux ports, […]

HolesWarm crypto malware hits unpatched Linux, Windows servers

Researchers are calling the HolesWarm the “king of vulnerability exploitation” as the malware has already exploited 20 known Linux and Windows vulnerabilities in just a month. The IT security researchers at Tencent have disclosed details of a newly discovered malware with cryptomining capabilities leveraging over 20 known vulnerabilities, mainly in unpatched Windows and Linux servers. […]

Old crypto malware makes come back, hits Windows, Linux devices

LemonDuck was first discovered in China in 2019 as a cryptocurrency botnet that used affected systems for Monero mining. According to a new report from Microsoft 365 Defender Threat Intelligence Team, a revamped version of LemonDuck crypto-mining malware is now targeting Windows and Linux devices. The malware lets threat actors insert backdoors, steal credentials, and conduct a […]

New variant of PRISM Backdoor ‘WaterDrop’ targets Linux systems

According to researchers, the PRISM backdoor has been on their radar for more than 3.5 years. Security researchers at AT&T Labs have published a report sharing details of a newly discovered cluster of Linux ELF executables with zero to low antivirus detections on VirusTotal. Researchers noted that these executables carry a modified version of the open-source backdoor […]

Unpatched flaws exposing Linux marketplaces to remote attacks

Cybersecurity researchers at Berlin-based infosec company Positive Security have identified two serious zero-day vulnerabilities impacting Pling-based FOSS (free and open-source software) marketplaces for Linux. The vulnerabilities remain unpatched and can be exploited to launch supply-chain attacks or achieve RCE (remote code execution) against Linux marketplaces. The vulnerabilities were discovered in Opendesktop’s Pling. Positive Security’s co-founder […]

DarkRadiation ransomware targeting RedHat, Debian Linux distributions

The newly discovered DarkRadiation ransomware chain is unlike any other ransomware family. Trend Micro cybersecurity researchers have shared findings on a newly identified ransomware strain dubbed DarkRadiation. The ransomware strain is written entirely in Bash, and this aspect makes it difficult for most security software to detect it as a threat. […]

Experts Uncover Several C&C Servers Linked to WellMess Malware

Cybersecurity researchers on Friday unmasked new command-and-control (C2) infrastructure belonging to the Russian threat actor tracked as APT29, aka Cozy Bear, that has been spotted actively serving WellMess malware as part of an ongoing attack campaign. More than 30 C2 servers operated by Russia’s foreign intelligence service have been uncovered, Microsoft-owned cybersecurity subsidiary RiskIQ said […]

Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems

An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns. “LemonDuck, an actively updated and robust malware that’s primarily […]

New Windows and Linux Flaws Give Attackers Highest System Privileges

Microsoft’s Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions to access Windows system files, in turn enabling them to unmask the operating system installation password and even decrypt private keys. The vulnerability has been nicknamed “SeriousSAM.” “Starting with Windows […]

Wormable DarkRadiation Ransomware Targets Linux and Docker Instances

Cybersecurity researchers are sounding the alarm bell over a new ransomware strain called “DarkRadiation” that’s implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control (C2) communications. “The ransomware is written in Bash script and targets Red Hat/CentOS and Debian Linux distributions,” researchers from Trend Micro […]

Researchers Warn of Facefish Backdoor Spreading Linux Rootkits

Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials and device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed “Facefish” by the Qihoo 360 NETLAB team owing to its ability to deliver different rootkits at different times and its use of the Blowfish cipher to encrypt communications to […]

Stealthy RotaJakiro backdoor malware targeting Linux for 3 years

Qihoo 360’s Network Security Research Lab, aka 360 NetLab, has discovered a new Linux malware with outstanding backdoor capabilities that went unnoticed for three years. The malware is dubbed RotaJakiro, and it allows attackers to steal and exfiltrate sensitive system data from compromised devices. […]