Threats & Malware, Vulnerabilities
December 1, 2022
Via: Security Week
The most severe of the security defects is CVE-2022-34669 (CVSS score of 8.8), an issue in the user mode layer of Nvidia’s Windows driver that could be exploited by an unprivileged attacker to access or tamper with system files or […]
Threats & Malware, Virus & Malware
September 28, 2022
Via: The Hacker News
A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. “Chaos functionality includes the ability […]
Threats & Malware, Vulnerabilities
September 16, 2022
Via: Computer Weekly
The US Cybersecurity and Infrastructure Security Agency (CISA) has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalogue, including CVEs in Code Aurora ACDB Audio Driver, Linux Kernel, Microsoft Windows and Trend Micro Apex One. CISA’s catalogue serves as […]
Threats & Malware, Virus & Malware
September 7, 2022
Via: The Hacker News
A new piece of stealthy Linux malware called Shikitega has been uncovered adopting a multi-stage infection chain to compromise endpoints and IoT devices and deposit additional payloads. “An attacker can gain full control of the system, in addition to the […]
Threats & Malware, Virus & Malware
September 7, 2022
Via: Dark Reading
A Linux-focused malware dubbed Shikitega has emerged to target endpoints and Internet of Things (IoT) devices with a unique, multistage infection chain that results in full device takeover and a cryptominer. Researchers at AT&T Alien Labs who spotted the bad […]
Threats & Malware, Virus & Malware
September 2, 2022
Via: Security Affairs
The Uptycs Threat Research team recently observed an Executable and Linkable Format (ELF) ransomware which encrypts the files inside Linux systems based on the given folder path. We observed that the dropped README note matches exactly with the DarkAngels ransomware […]
Cloud security, Security, Threats & Malware, Vulnerabilities
August 15, 2022
Via: Security Week
Called kCTF, the program was launched in 2020 to provide security researchers with the means to report vulnerabilities in the Google Kubernetes Engine (GKE), for which they receive a flag. “All of GKE and its dependencies are in scope, but […]
August 5, 2022
Via: Security Affairs
Researchers from FortiGuard Labs have discovered a new IoT botnet tracked as RapperBot which has been active since mid-June 2022. The bot borrows a large portion of its code from the original Mirai botnet, but unlike other IoT malware families, it […]
Threats & Malware, Vulnerabilities
June 29, 2022
Via: Naked Security
This month’s scheduled Firefox release is out, with the new 102.0 version patching 19 CVE-numbered bugs. Despite the large number of CVEs, the patches don’t include any bugs already being exploited in the wild (known in the jargon as zero-days), […]
Threats & Malware, Virus & Malware
June 14, 2022
Via: Threat Post
A new Linux malware that’s “nearly impossible to detect” can harvest credentials and gives attackers remote access and rootkit functionality by acting in a parasitic way to infect targets, researchers said. Researchers from The BlackBerry Research and Intelligence Team have […]
Threats & Malware, Virus & Malware
June 10, 2022
Via: Help Net Security
Security researchers at Intezer and BlackBerry have documented Symbiote, a wholly unique, multi-purpose piece of Linux malware that is nearly impossible to detect. “What makes Symbiote different from other Linux malware that we usually come across, is that it needs […]
Threats & Malware, Vulnerabilities
March 14, 2022
Via: The Hacker News
A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a kernel panic. Tracked as CVE-2022-25636 (CVSS score: 7.8), […]
Threats & Malware, Vulnerabilities
March 8, 2022
Via: Help Net Security
An easily exploitable vulnerability (CVE-2022-0847) in the Linux kernel can be used by local unprivileged users to gain root privileges on vulnerable systems by taking advantage of already public exploits. Discovered by security researcher Max Kellermann, the flaw – which […]
February 9, 2022
Via: Help Net Security
As the most common cloud operating system, Linux is a core part of digital infrastructure and is quickly becoming an attacker’s ticket into a multi-cloud environment. Current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and […]
Threats & Malware, Vulnerabilities
January 31, 2022
Via: CSO Online
More than half (53%) of the IoT (internet of things) and internet of medical things (IoMT) devices used in healthcare contain critical cybersecurity risks, according to The State of IoMT Device Security report by Cynerio, which analyzed devices from more […]
Threats & Malware, Virus & Malware
January 12, 2022
Via: The Hacker News
A new cross-platform backdoor called “SysJoker” has been observed targeting machines running Windows, Linux, and macOS operating systems as part of an ongoing espionage campaign that’s believed to have been initiated during the second half of 2021. “SysJoker masquerades as […]
December 3, 2021
Via: The Hacker News
E-commerce platforms in the U.S., Germany, and France have come under attack from a new form of malware that targets Nginx servers in an attempt to masquerade its presence and slip past detection by security solutions. “This novel code injects […]
September 15, 2021
Via: The Hacker News
Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. […]
Threats & Malware, Vulnerabilities
September 14, 2021
Via: Security Affairs
Google released Chrome 93.0.4577.82 for Windows, Mac, and Linux that fixed eleven security issues, including two zero-day vulnerabilities actively exploited in the wild. This is the tenth zero-day vulnerability in Chrome fixed by Google that was exploited in attacks in […]
Threats & Malware, Vulnerabilities
August 11, 2021
Via: Security Week
Two of the advisories have been assigned a high severity rating. One of them describes a vulnerability affecting some Intel NUC 9 Extreme laptop kits that can be exploited by an authenticated attacker to escalate privileges. The flaw (CVE-2021-0196) is […]