Tag: linux
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 23
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. SmokeLoader Attack Targets Companies in Taiwan; LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux; Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT; DroidBot: Insights from a new Turkish MaaS fraud operation; RedLine, A […]…
-
Wubuntu: The lovechild of Windows and Linux nobody asked for
A third-party Kubuntu remix with a severe identity crisis. First seen on theregister.com Jump to article: www.theregister.com/2024/12/05/wubuntu/
-
Analyzing Tokenizer Part 2: Omen + Tokenizer
“I have not failed. I’ve just found 10,000 ways that won’t work” – Thomas Edison. Introduction: This is a continuation of a deep dive into John the Ripper’s new Tokenizer attack. Instructions on how to configure and run the original version of Tokenizer can be found [Here]. As a warning, those instructions need to be updated…
-
Security teams should act now to counter Chinese threat, says CISA
Tags: 5G, access, apple, at&t, attack, authentication, china, cisa, cisco, communications, control, cyber, cybersecurity, data, encryption, espionage, exploit, google, government, hacker, infrastructure, linux, microsoft, mitigation, mobile, monitoring, network, nist, password, risk, service, siem, technology, theft, threat, vpn, vulnerability
Security teams and individuals across the US need to take immediate precautions to counter the surveillance threat posed by Chinese ‘Salt Typhoon’ hackers, who have burrowed deep into telecoms infrastructure, according to the US Cybersecurity and Infrastructure Security Agency (CISA). CISA issued an official alert recommending defensive measures on December 3, as federal officials briefed journalists…
-
Linux Foundation report highlights the true state of open source libraries in production apps
There are many metrics to track the prevalence of open source components, such as GitHub stars and downloads, but they don’t paint the full picture of how they’re being used in production codebases. Census III of Free and Open Source Software: Application Libraries leans on more than 12 million data points from software composition analysis…
-
FOSS security concerns increase amid widespread adoption
Tags: linux
A new report from the Linux Foundation, OpenSSF and First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366616699/FOSS-security-concerns-increase-amid-widespread-adoption
-
Linux Foundation report highlights the true state of open-source libraries in production apps
There are many metrics to track the prevalence of open-source components, such as GitHub stars and downloads, but they don’t paint the full picture of how they’re being used in production codebases. Census III of Free and Open Source Software: Application Libraries leans on more than 12 million data points from software composition analysis (SCA)…
-
Security Risks Persist in Open Source Ecosystem
An analysis by the Linux Foundation, OpenSSF and Harvard University found that there continue to be significant cybersecurity risks in open source software practices. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/security-risks-open-source/
-
First-ever Linux UEFI bootkit turns out to be student project
Tags: antivirus, attack, authentication, awareness, computer, conference, cybersecurity, firmware, linux, malicious, malware, microsoft, risk, software, technology, threat, training, update, windows
Bootkitty, a recently discovered boot-level UEFI rootkit for Linux, was evidently created by students participating in a cybersecurity training program at the South Korean Information Technology Research Institute (KITRI). The bootkit, found and analyzed by researchers from antivirus vendor ESET last week, showed signs of being a proof of concept rather than production-ready malware. Nevertheless, the…
-
First-ever Linux UEFI bootkit turns out to be research project
Tags: antivirus, attack, authentication, awareness, computer, conference, cybersecurity, firmware, linux, malicious, malware, microsoft, risk, software, technology, threat, training, update, windows
Bootkitty, a recently discovered boot-level UEFI rootkit for Linux, was evidently created by students participating in a cybersecurity training program at the South Korean Information Technology Research Institute (KITRI). The bootkit, found and analyzed by researchers from antivirus vendor ESET last week, showed signs of being a proof of concept rather than production-ready malware. Nevertheless, the…
-
‘Bootkitty’ First Bootloader to Take Aim at Linux
Though it’s still just a proof of concept, the malware is functional and can evade the Secure Boot process on devices from multiple vendors. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/bootkitty-first-bootloader-target-linux-systems
-
UEFI bootkit Bootkitty for Linux is apparently a university project from South Korea
Tags: linux
Several security researchers have examined the prototype and found some interesting things. Bootkitty also uses the LogoFail vulnerability to embed itself in the system. First seen on heise.de Jump to article: www.heise.de/news/Bootkitty-Prototyp-eines-Linux-UEFI-Rootkits-ist-koreanisches-Uni-Projekt-10182420.html
-
Discover the future of Linux security
Explore open source strategies to safeguard critical systems and data. First seen on theregister.com Jump to article: www.theregister.com/2024/12/02/discover_the_future_of_linux/
-
BootKitty Linux UEFI bootkit spotted exploiting LogoFAIL flaws
The ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable firmware. Cybersecurity researchers from ESET recently discovered the first UEFI bootkit designed to target Linux systems, called by its authors Bootkitty. The bootkit allows attackers to disable the kernel’s signature verification feature and to preload two as yet unknown ELF…
-
ElizaRAT Exploits Google, Telegram, Slack Services For C2 Communications
APT36, a Pakistani cyber-espionage group, has recently upgraded its arsenal with ElizaRAT, a sophisticated Windows RAT that, initially detected in 2023, employs advanced evasion tactics and robust C2 capabilities to target Indian government agencies, diplomatic personnel, and military installations. The group leverages multiple platforms, including Windows, Linux, and Android, to broaden its attack surface as…
-
Just Like Windows: Linux Targeted by First-Ever UEFI Bootkit – UPDATED
Linux-Targeting Bootkitty Appears More Proof-of-Concept Than Threat, Researchers Say. Cybersecurity researchers have discovered the first-ever UEFI bootkit designed to target Linux systems and subvert their boot process for malicious purposes. The Bootkitty malware, first uploaded to VirusTotal this month, appears to be more proof of concept than full-fledged threat, they said. First seen on govinfosecurity.com…
-
BootKitty UEFI malware exploits LogoFAIL to infect Linux systems
The recently uncovered ‘Bootkitty’ UEFI bootkit, the first malware of its kind targeting Linux systems, exploits CVE-2023-40238, aka ‘LogoFAIL,’ to infect computers running on a vulnerable UEFI firmware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bootkitty-uefi-malware-exploits-logofail-to-infect-linux-systems/
-
Linux 6.13-rc1 Released: What’s New!
In a recent announcement, Linus Torvalds, the creator of Linux, officially released the first release candidate (RC1) for Linux kernel version 6.13. This release marks the end of the merge window, and for the first time in recent memory, the release cycle timing aligns favorably with the holiday season, offering developers a chance to breathe…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 22
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. A Case-Control Study to Measure Behavioral Risks of Malware Encounters in Organizations; PyPI Python Library >>aiocpa
-
Veeam promotes data freedom and supports Oracle Linux Virtualization Manager
With the new support for Oracle Linux Virtualization Manager, users can achieve comprehensive protection at scale and, in doing so, … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/veeam-foerdert-datenfreiheit-und-unterstuetzt-oracle-linux-virtualization-manager/a37115/
-
Check Point highlights vulnerabilities in the Linux CUPS system
Check Point's customers are protected by CloudGuard, in particular against remote code execution (RCE) via the vulnerability CVE-2024-47176… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-zeigt-schwachstellen-im-linux-cups-system-auf/a38580/
-
FYSA Critical RCE Flaw in GNU-Linux Systems
Summary A severe, unauthenticated remote code execution (RCE) flaw has been discovered in GNU Linux systems. The vulnerability, rated CVSS 9.9, affect… First seen on securityintelligence.com Jump to article: securityintelligence.com/news/fysa-critical-rce-flaw-in-gnu-linux-systems/
-
DISGOMOJI: New Linux malware is controlled via emoji
A new Linux malware named DISGOMOJI uses emojis to execute commands on infected devices. The malware was discovered on Indian… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/disgomoji-neue-linux-malware-wird-per-emoji-gesteuert
-
Linux news of the week – Ubuntu 24.10, Space Marine 2 on Linux, AMD's 3D V-Cache
Tags: linux
First seen on computerbase.de Jump to article: www.computerbase.de/news/betriebssysteme/linux-news-der-woche-ubuntu-24-10-space-marine-2-auf-linux-amds-3d-v-cache.89954
-
File Transfer Cheatsheet: Windows and Linux
File transfer is a crucial step in the post-exploitation scenario while performing penetration testing or red teaming. There are various ways to do th… First seen on hackingarticles.in Jump to article: www.hackingarticles.in/file-transfer-cheatsheet-windows-and-linux/
-
OSINT : User Privacy in Linux
Linux telemetry involves gathering and sending data from a Linux-based system to an external server or service. The purpose of this process is often t… First seen on hackingarticles.in Jump to article: www.hackingarticles.in/osint-user-privacy-in-linux/
-
Oramfs: Resizable ORAM, Remote Storage Agnostic, Written in Rust
Today we are excited to release oramfs, a simple, flexible, Free Software ORAM implementation for Linux written in Rust. It is designed to support dif… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2021/06/30/oramfs-resizable-oram-remote-storage-agnostic-written-in-rust/

