Tag: linux
-
Warning: Xubuntu website has been distributing malware since Oct. 2025
Another brief warning for Linux users who are interested in Xubuntu. There are reports that the Xubuntu website in question may be distributing malware. The download page has since been disabled. So exercise caution and, if at all possible, do not use anything you downloaded until this has been cleared up. Discussion on … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/19/achtung-xubuntu-webseite-verteilte-malware/
-
End of support for Windows 10 – Have you already switched, and if so, to what?
How does the community feel about Windows 11, are you eyeing Linux, and which Windows versions are, in hindsight, your favourites? First seen on computerbase.de Jump to article: www.computerbase.de/news/betriebssysteme/support-ende-fuer-windows-10-habt-ihr-schon-gewechselt-und-wenn-ja-wohin.94729
-
TDL 007 – Cyber Warriors Digital Shadows: Insights from Canada’s Cybersecurity Leader
Tags: ai, awareness, backup, breach, browser, business, cio, ciso, communications, conference, control, corporate, country, cryptography, cyber, cybersecurity, dark-web, data, data-breach, defense, dns, email, encryption, finance, government, healthcare, identity, incident, infrastructure, intelligence, Internet, jobs, law, leak, linux, malicious, mfa, mitigation, network, organized, phone, privacy, ransom, ransomware, RedTeam, resilience, risk, risk-management, router, service, startup, strategy, supply-chain, switch, tactics, technology, theft, threat, tool, training, windows
Summary: In this episode of The Defender’s Log, host David Redekop interviews Sami Khoury, the Senior Official for Cybersecurity for the Government of Canada. With a career spanning 33 years at the Communication Security Establishment (CSE), Khoury shares how a coincidental job application blossomed into a lifelong passion for national security. Khoury emphasizes that modern…
-
Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352)
Threat actors have leveraged a recently patched IOS/IOS XE vulnerability (CVE-2025-20352) to deploy Linux rootkits on vulnerable Cisco network devices. “The operation … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/17/hackers-used-cisco-zero-day-to-plant-rootkits-on-network-devices-cve-2025-20352/
-
LinkPro: An eBPF-Based Rootkit Hiding Malicious Activity on GNU/Linux
Tags: access, backdoor, cve, cyber, data-breach, exploit, infection, Internet, linux, malicious, monitoring, technology, threat, vulnerability
Security researchers from Synacktiv CSIRT have uncovered a sophisticated Linux rootkit dubbed LinkPro that leverages eBPF (extended Berkeley Packet Filter) technology to establish persistent backdoor access while remaining virtually invisible to traditional monitoring tools. The infection chain originated from a vulnerable Jenkins server exposed to the internet, exploited through CVE-2024-23897. Threat actors leveraged this initial…
-
Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in ‘Zero Disco’ Attacks
Cybersecurity researchers have disclosed details of a new campaign that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected systems. The activity, codenamed Operation Zero Disco by Trend Micro, involves the weaponization of CVE-2025-20352 (CVSS score: 7.7), a stack overflow vulnerability in the Simple…
-
Operation Zero Disco: Threat actors target Cisco SNMP flaw to drop Linux rootkits
Hackers exploit Cisco SNMP flaw CVE-2025-20352 in “Zero Disco” attacks to deploy Linux rootkits on outdated systems, researchers report. Trend Micro researchers disclosed details of a new campaign, tracked as Operation Zero Disco, that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected…
-
Hackers exploit Cisco SNMP flaw to deploy rootkit on switches
Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in older, unprotected Cisco networking devices to deploy a Linux rootkit and gain persistent access. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-cisco-snmp-flaw-to-deploy-rootkit-on-switches/
-
LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets
An investigation into the compromise of an Amazon Web Services (AWS)-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dubbed LinkPro, according to findings from Synacktiv. “This backdoor features functionalities relying on the installation of two eBPF [extended Berkeley Packet Filter] modules, on the one hand to conceal itself, and on the other…
-
New Rootkit Campaign Exploits Cisco SNMP Flaw to Gain Persistence
Trend Micro has reported a campaign exploiting a flaw in Cisco SNMP to install Linux rootkits on devices. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/rootkit-campaign-exploits-cisco/
-
Cisco SNMP Vulnerability Actively Exploited to Install Linux Rootkits
Cybersecurity researchers at Trend Micro have discovered an active attack campaign dubbed “Operation Zero Disco
-
200,000 Linux systems from Framework are shipped with signed UEFI components vulnerable to Secure Boot bypass
About 200K Linux systems from Framework shipped with signed UEFI components vulnerable to Secure Boot bypass, allowing bootkit installation and persistence. Firmware security company Eclypsium warns that about 200,000 Linux systems from Framework are shipped with signed UEFI components vulnerable to Secure Boot bypass, allowing bootkit installation and persistence. The experts pointed out that signed…
-
Framework flame war erupts over support of politically polarizing Linux projects
Laptop maker’s apolitical endorsement of politically contentious projects meets resistance First seen on theregister.com Jump to article: www.theregister.com/2025/10/14/framework_linux_controversy/
-
Security-Insider Podcast Episode 105, Part 3 – Linux as an Alternative to Windows 10
First seen on security-insider.de Jump to article: www.security-insider.de/linux-anstatt-windows-10-podcast-a-ef2c2f89399c1929014e84c66766a0c7/
-
Secure Boot bypass risk threatens nearly 200,000 Linux Framework laptops
Around 200,000 Linux computer systems from American computer maker Framework were shipped with signed UEFI shell components that could be exploited to bypass Secure Boot protections. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/secure-boot-bypass-risk-on-nearly-200-000-linux-framework-sytems/
-
Open-source DFIR Velociraptor was abused in expanding ransomware efforts
Attribution and the ransomware cocktail: Talos links the campaign to Storm-2603, a suspected China-based threat actor, citing matching TTPs like the use of ‘cmd.exe’, disabling Defender protections, creating scheduled tasks, and manipulating Group Policy Objects. The use of multiple ransomware strains in a single operation (Warlock, LockBit, and Babuk) also bolstered confidence in this attribution.” Talos…
-
itSpecial
Agentforce in the Privacy Center Salesforce. Ivanti has overhauled Connect Secure: At it-sa, Ivanti presented version 25.X of Ivanti Connect Secure (ICS). After the security incidents at the beginning of the year, the VPN software has now, according to the vendor, been redeveloped following the ‘Security by Design’ principle. This includes a modern web server and a web application firewall…
-
PoC Released for Linux Kernel ksmbd Filesystem Vulnerability
Security researcher Norbert Szetei published the final installment of his deep-dive into the ksmbd filesystem module, culminating in a working proof-of-concept exploit targeting CVE-2025-37947. Unlike earlier use-after-free candidates that required complex race conditions or depended on external factors, this vulnerability offers a deterministic out-of-bounds (OOB) write primitive. Szetei’s PoC was tested on Ubuntu 22.04.5 LTS…

