Tag: Linux

December 1, 2022

The most severe of the security defects is CVE‑2022‑34669 (CVSS score of 8.8), an issue in the user mode layer of Nvidia’s Windows driver that could be exploited by an unprivileged attacker to access or tamper with system files or […]

September 28, 2022

A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. “Chaos functionality includes the ability […]

September 16, 2022

The US Cybersecurity and Infrastructure Security Agency (CISA) has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalogue, including CVEs in Code Aurora ACDB Audio Driver, Linux Kernel, Microsoft Windows and Trend Micro Apex One. CISA’s catalogue serves as […]

September 7, 2022

A new piece of stealthy Linux malware called Shikitega has been uncovered adopting a multi-stage infection chain to compromise endpoints and IoT devices and deposit additional payloads. “An attacker can gain full control of the system, in addition to the […]

September 7, 2022

A Linux-focused malware dubbed Shikitega has emerged to target endpoints and Internet of Things (IoT) devices with a unique, multistage infection chain that results in full device takeover and a cryptominer. Researchers at AT&T Alien Labs who spotted the bad […]

September 2, 2022

The Uptycs Threat Research team recently observed an Executable and Linkable Format (ELF) ransomware which encrypts the files inside Linux systems based on the given folder path. We observed that the dropped README note matches exactly with the DarkAngels ransomware […]

August 15, 2022

Called kCTF, the program was launched in 2020 to provide security researchers with the means to report vulnerabilities in the Google Kubernetes Engine (GKE), for which they receive a flag. “All of GKE and its dependencies are in scope, but […]

August 5, 2022

Researchers from FortiGuard Labs have discovered a new IoT botnet tracked as RapperBot which is active since mid-June 2022. The bot borrows a large portion of its code from the original Mirai botnet, but unlike other IoT malware families, it […]

June 29, 2022

This month’s scheduled Firefox release is out, with the new 102.0 version patching 19 CVE-numbered bugs. Despite the large number of CVEs, the patches don’t include any bugs already being exploited in the wild (known in the jargon as zero-days), […]

June 14, 2022

A new Linux malware that’s “nearly impossible to detect” can harvest credentials and gives attackers remote access and rootkit functionality by acting in a parasitic way to infect targets, researchers said. Researchers from The BlackBerry Research and Intelligence Team have […]

June 10, 2022

Security researchers at Intezer and BlackBerry have documented Symbiote, a wholly unique, multi-purpose piece of Linux malware that is nearly impossible to detect. “What makes Symbiote different from other Linux malware that we usually come across, is that it needs […]

March 14, 2022

A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a kernel panic. Tracked as CVE-2022-25636 (CVSS score: 7.8), […]

March 8, 2022

An easily exploitable vulnerability (CVE-2022-0847) in the Linux kernel can be used by local unprivileged users to gain root privileges on vulnerable systems by taking advantage of already public exploits. Discovered by security researcher Max Kellermann, the flaw – which […]

February 9, 2022

As the most common cloud operating system, Linux is a core part of digital infrastructure and is quickly becoming an attacker’s ticket into a multi-cloud environment. Current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and […]

January 31, 2022

More than half (53%) of the IoT (internet of things) and internet of medical things (IoMT) devices used in healthcare contain critical cybersecurity risks, according to The State of IoMT Device Security report by Cynerio, which analyzed devices from more […]

January 12, 2022

A new cross-platform backdoor called “SysJoker” has been observed targeting machines running Windows, Linux, and macOS operating systems as part of an ongoing espionage campaign that’s believed to have been initiated during the second half of 2021. “SysJoker masquerades as […]

December 3, 2021

E-commerce platforms in the U.S., Germany, and France have come under attack from a new form of malware that targets Nginx servers in an attempt to masquerade its presence and slip past detection by security solutions. “This novel code injects […]

September 15, 2021

Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. […]

September 14, 2021

Google released Chrome 93.0.4577.82 for Windows, Mac, and Linux that fixed eleven security issues, including two zero-days vulnerabilities actively exploited in the wild. This is the tenth zero-day vulnerability in Chrome fixed by Google that was exploited in attacks in […]

August 11, 2021

Two of the advisories have been assigned a high severity rating. One of them describes a vulnerability affecting some Intel NUC 9 Extreme laptop kits that can be exploited by an authenticated attacker to escalate privileges. The flaw (CVE-2021-0196) is […]