Tag: linux

Chrome Security Update Patch For 16 Vulnerabilities

Jan 15, 2025 12:02 PM

Tags: browser, chrome, cyber, google, linux, update, vulnerability, windows

Google has released a significant security update for its Chrome browser, addressing 16 vulnerabilities in version 132.0.6834.83/84 for Windows, Mac, and Linux platforms. This update, which will be rolled out over the coming days and weeks. While this security update includes several critical fixes and improvements to enhance the security of the web browser. The…
Passwort Folge 23: Schnitzeljagd um ein Linux-Bootkit

Jan 15, 2025 10:02 AM

Tags: linux, malware, password

Sicherheitsforscher finden zufällig die Malware “Bootkitty” und analysieren sie. Was kann sie und wer steckt dahinter? Christopher und Sylvester rätseln mit. First seen on heise.de Jump to article: www.heise.de/news/Passwort-Folge-23-Schnitzeljagd-um-ein-Linux-Bootkit-10236522.html
Linus Torvalds offers to build guitar effects pedal for kernel developer

Jan 13, 2025 3:26 PM

Tags: linux, software

‘I’m a software person with a soldering iron’, he warns alongside release of Linux 6.13-rc7 First seen on theregister.com Jump to article: www.theregister.com/2025/01/13/linus_torvalds_guitar_pedal_offer/
Anonymisierendes Linux: Tails 6.11 stopft kritische Sicherheitslecks

Jan 10, 2025 2:18 PM

Tags: linux

Die Linux-Distribution Tails zum Mitnehmen auf USB-Stick zum anonymen Surfen im Netz schließt mit Version 6.11 kritische Sicherheitslücken. First seen on heise.de Jump to article: www.heise.de/news/Anonymisierendes-Linux-Tails-6-11-stopft-kritische-Sicherheitslecks-10236120.html
Legitimate PoC exploited to spread information stealer

Jan 10, 2025 5:18 AM

Tags: access, awareness, backdoor, ceo, computer, cve, exploit, github, hacker, identity, infosec, Internet, linux, malicious, malware, open-source, RedTeam, social-engineering, software, tactics, threat, tool, training, vulnerability, windows

A recently copied and abused open source proof of concept (PoC) exploit from a reputable security company, aimed at helping threat researchers, is the latest example of the novel tactics hackers will use to spread malware.PoCs for known vulnerabilities are created to be shared by students, researchers, and IT pros to improve software and toughen…
Census III study spotlights ongoing open-source software security challenges

Jan 8, 2025 4:18 PM

Tags: linux, open-source, risk, software
Windows 10 users urged to upgrade to avoid “security fiasco”

Jan 5, 2025 10:18 PM

Tags: cybersecurity, linux, windows

Cybersecurity firm ESET is urging Windows 10 users to upgrade to Windows 11 or Linux to avoid a “security fiasco” as the 10-year-old operating system nears the end of support in October 2025. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-10-users-urged-to-upgrade-to-avoid-security-fiasco/
US government sanctions Chinese cybersecurity company linked to APT group

Jan 3, 2025 11:17 PM

Tags: access, advisory, apt, attack, botnet, cctv, china, computer, control, cyberespionage, cybersecurity, ddos, exploit, finance, firewall, government, group, hacker, infrastructure, intelligence, iot, linux, malicious, malware, network, office, router, service, technology, threat, usa

The US Department of Treasury’s Office of Foreign Assets Control (OFAC) has issued sanctions against a Beijing cybersecurity company for its role in attacks attributed to a Chinese cyberespionage group known as Flax Typhoon.The company, called Integrity Technology Group (Integrity Tech), is accused of providing the computer infrastructure that Flax Typhoon used in its operations…
How To Use SCP (Secure Copy) With SSH Key Authentication

Jan 3, 2025 6:17 PM

Tags: authentication, linux

Here’s how to use the secure copy command, in conjunction with ssh key authentication, for an even more secure means of copying files to your remote Linux servers. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/how-to-use-secure-copy-with-ssh-key-authentication/
The 2024 cyberwar playbook: Tricks used by nation-state actors

Dec 25, 2024 7:43 AM

Tags: access, ai, apt, at&t, attack, authentication, backdoor, blizzard, botnet, breach, china, cisa, cloud, control, credentials, cve, cvss, cyber, cybersecurity, data, ddos, defense, detection, email, espionage, exploit, flaw, fortinet, google, government, group, hacker, hacking, healthcare, india, infrastructure, iran, ivanti, linux, login, malicious, malware, mfa, microsoft, mobile, network, offense, office, open-source, password, phishing, powershell, remote-code-execution, router, russia, service, social-engineering, software, spear-phishing, spy, strategy, supply-chain, tactics, theft, threat, tool, unauthorized, update, vpn, vulnerability, warfare, windows, worm, zero-day

In 2024, nation-state cyber activity was off the charts, with Chinese, Russian, and Iranian actors leading the charge. Their campaigns weren’t just relentless, they were innovative, using a crafty mix of Tactics, Techniques, and Procedures (TTPs) to gain footholds, stay hidden, and spy-like pros.”There was definitely a continued and noted uptick in nation-state activity in…
Top 7 zero-day exploitation trends of 2024

Dec 23, 2024 10:42 AM

Tags: access, ai, attack, authentication, backdoor, botnet, breach, bug-bounty, business, china, ciso, cloud, computing, control, corporate, cve, cyberespionage, cybersecurity, data, data-breach, defense, email, endpoint, exploit, firewall, flaw, framework, github, google, government, group, hacker, identity, infrastructure, injection, Internet, ivanti, kev, leak, linux, malicious, malware, ml, monitoring, moveIT, network, north-korea, open-source, password, programming, pypi, ransomware, remote-code-execution, risk, service, software, sql, supply-chain, tool, training, unauthorized, update, vpn, vulnerability, windows, zero-day

Zero-day vulnerabilities saw big growth once again in 2024. With no patch available, zero-day flaws give attackers a significant jump on cybersecurity defense teams, making them a critical weapon for attacking enterprise systems.But while all zero-days are essential for CISOs and their team to be aware of, and for vendors to remedy in a timely…
Week in review: MUT-1244 targets both security workers and threat actors, Kali Linux 2024.4 released

Dec 22, 2024 10:44 AM

Tags: kali, linux, threat, WeeklyReview

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: MUT-1244 targeting security researchers, red teamers, and threat actors A … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/22/week-in-review-mut-1244-targets-both-security-workers-and-threat-actors-kali-linux-2024-4-released/
Cybersecurity Snapshot: CISA Hands Down Cloud Security Directive, While Threat from North Korean IT Workers Gets the Spotlight

Dec 20, 2024 4:46 PM

Tags: access, ai, authentication, best-practice, business, china, cisa, cisco, cloud, computer, control, cyber, cybersecurity, data, data-breach, email, extortion, finance, framework, fraud, google, government, guide, hacker, identity, incident, incident response, infrastructure, intelligence, international, Internet, jobs, korea, kubernetes, law, lessons-learned, linux, login, malicious, microsoft, mobile, monitoring, network, north-korea, office, password, regulation, risk, risk-management, russia, service, software, tactics, technology, threat, tool, update

Check out the new cloud security requirements for federal agencies. Plus, beware of North Korean government operatives posing as remote IT pros. Also, learn how water plants can protect their HMIs against cyberattacks. And get the latest on the U.S. cyber incident response framework; the CIS Benchmarks; and local and state governments’ cyber challenges. Dive…
Hackers Exploiting Linux eBPF to Spread Malware in Ongoing Campaign

Dec 18, 2024 5:42 PM

Tags: cybersecurity, exploit, hacker, linux, malware

KEY SUMMARY POINTS Cybersecurity researchers Dr. Web have uncovered a new and active Linux malware campaign aimed at… First seen on hackread.com Jump to article: hackread.com/hackers-exploit-linux-ebpf-malware-ongoing-campaign/
Hackers Exploit Linux eBPF Tech to Host Malware on GitHub and Blogs

Dec 18, 2024 4:42 PM

Tags: cybersecurity, exploit, github, hacker, linux, malware

KEY SUMMARY POINTS Cybersecurity researchers Dr. Web have uncovered a new and active Linux malware campaign aimed at… First seen on hackread.com Jump to article: hackread.com/hackers-exploit-linux-ebpf-tech-malware-github-blogs/
Hackers Exploit Linux SSH Servers Using Screen hping3 Tools With >>cShell<< Bot

Dec 18, 2024 9:42 AM

Tags: attack, cyber, data-breach, exploit, hacker, intelligence, linux, malware, monitoring, service, tool

The AhnLab Security Intelligence Center (ASEC) has detected a new strain of malware targeting poorly protected Linux SSH servers. This malware, named >>cShell,
Hackers Attacking Linux SSH Servers DDoS Bot cShell Using Screen hping3 Tools

Dec 18, 2024 8:43 AM

Tags: attack, cyber, data-breach, ddos, exploit, hacker, intelligence, linux, malware, monitoring, service, tool

The AhnLab Security Intelligence Center (ASEC) has detected a new strain of malware targeting poorly protected Linux SSH servers. This malware, named >>cShell,
Für Pentester und Sicherheitsforscher: Kali Linux 2024.4 mit 14 neuen Tools

Dec 17, 2024 3:44 PM

Tags: Hardware, kali, linux, tool

Die aktuelle Kali-Linux-Ausgabe bringt neue Werkzeuge mit und lässt sich noch flexibler auf Raspberry Pis installieren. First seen on heise.de Jump to article: www.heise.de/news/Fuer-Pentester-und-Sicherheitsforscher-Kali-Linux-2024-4-mit-14-neuen-Tools-10203399.html
Kali Linux 2024.4 released! 14 new shiny tools added

Dec 17, 2024 10:42 AM

Tags: kali, linux, tool, update

Kali Linux 2024.4 includes a broad set of updates and changes. The summary of the changelog since the 2024.3 release from September: Python 3.12 New default Python … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/17/kali-linux-2024-4-released/
Kali Linux 2024.4 Released What’s New!

Dec 17, 2024 8:42 AM

Tags: cyber, hacker, kali, linux, tool, update

Kali Linux has unveiled its final release for 2024, version Kali Linux 2024.4, packed with notable updates, including new tools and enhancements. This highly anticipated update caters to the needs of security professionals, ethical hackers, and tech enthusiasts with a mix of new tools, improved features, and expanded compatibility. Kali Linux 2024.4 Key Updates The…
Kali Linux 2024.4 released with 14 new tools, deprecates some features

Dec 16, 2024 11:42 PM

Tags: kali, linux, tool

Kali Linux has released version 2024.4, the fourth and final version of 2024, and it is now available with fourteen new tools, numerous improvements, and deprecates some features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/kali-linux-20244-released-with-14-new-tools-deprecates-some-features/
PUMAKIT, a sophisticated rootkit that uses advanced stealth mechanisms

Dec 15, 2024 5:42 PM

Tags: linux, tool

Researchers discovered PUMAKIT, a Linux rootkit capable of hiding files, escalating privileges, and evading system tools and detection. Elastic Security Lab researchers discovered a new loadable kernel module (LKM) rootkit called PUMAKIT that supports advanced evasion mechanisms. PUMAKIT features a multi-stage design including a dropper, memory-resident executables, and a rootkit. It leverages an LKM rootkit named…
Upstart Pumakit Linux rootkit malware examined

Dec 14, 2024 10:07 PM

Tags: linux, malware

First seen on scworld.com Jump to article: www.scworld.com/brief/upstart-pumakit-linux-rootkit-malware-examined
PUMA creeps through Linux with a stealthy rootkit attack

Dec 13, 2024 2:05 PM

Tags: access, attack, control, credentials, data, detection, group, infection, linux, malicious, malware, network, threat, tool

A new loadable kernel module (LKM) rootkit has been spotted in the wild compromising Linux systems with advanced stealth and privilege escalation features.PUMAKIT, as called by the Elastic Security researchers who discovered it during routine threat hunting on VirusTotal, was deployed as part of a multi-stage malware architecture that consists of a dropper, two memory-resident…
Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

Dec 13, 2024 2:05 PM

Tags: attack, cctv, control, cybersecurity, data, iot, iran, linux, malware, router, technology, threat

Iran-affiliated threat actors have been linked to a new custom malware that’s geared toward IoT and operational technology (OT) environments in Israel and the United States.The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control and data acquisition (SCADA) devices such as IP cameras, routers,…
New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

Dec 13, 2024 11:05 AM

Tags: cybersecurity, detection, linux, tool

Cybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files and directories, and conceal itself from system tools, while simultaneously evading detection.”PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with First seen on…
New stealthy Pumakit Linux rootkit malware spotted in the wild

Dec 13, 2024 12:05 AM

Tags: linux, malware

A new Linux rootkit malware called Pumakit has been discovered that uses stealth and advanced privilege escalation techniques to hide its presence on systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-stealthy-pumakit-linux-rootkit-malware-spotted-in-the-wild/
South Korean web giant Naver creates its own Linux distro

Dec 11, 2024 5:36 AM

Tags: linux

‘Navix’ follows OpenELA rules, comes with ten years support, and is already used in production at scale First seen on theregister.com Jump to article: www.theregister.com/2024/12/10/naver_navix_linux/
OpenWrt Update Flaw Exposed Devices to Malicious Firmware

Dec 10, 2024 10:08 PM

Tags: cve, cvss, data-breach, firmware, flaw, hacker, linux, malicious, service, update, vulnerability

Embedded Device Operating Sytem Had Flaw Allowing Hacers to Bypass Integrity Check. A critical flaw in the updating service of a popular Linux operating system for embedded devices could enable hackers to compromise firmware with malicious images. OpenWrt developers patched the vulnerability, with a CVSS core of 9.3 and tracked as CVE-2024-54143. First seen on…
EDR-Software ein Kaufratgeber

Dec 10, 2024 6:07 AM

Tags: ai, android, api, backup, browser, chrome, cloud, computing, crowdstrike, cyberattack, detection, edr, endpoint, firewall, identity, incident response, intelligence, iot, kubernetes, linux, macOS, mail, malware, microsoft, network, ransomware, risk, siem, soar, software, sophos, threat, tool, windows, zero-day