Security News

Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware
2023-07-13 12:56

"In this instance, the PoC is a wolf in sheep's clothing, harboring malicious intent under the guise of a harmless learning tool," Uptycs researchers Nischay Hegde and Siddartha Malladi said. The repository masquerades as a PoC for CVE-2023-35829, a recently disclosed high-severity flaw in the Linux kernel.

New PyLoose Linux malware mines crypto directly from memory
2023-07-12 21:50

A new fileless malware named PyLoose has been targeting cloud workloads to hijack their computational resources for Monero cryptocurrency mining. Wiz's security researchers first detected PyLoose attacks in the wild on June 22nd, 2023, and have since confirmed at least 200 cases of compromise by the novel malware.

Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability
2023-07-06 10:55

Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host. Dubbed StackRot, the flaw impacts Linux versions 6.1 through 6.4.

New StackRot Linux kernel flaw allows privilege escalation
2023-07-06 07:27

Technical information has emerged for a serious vulnerability affecting multiple Linux kernel versions that could be triggered with "Minimal capabilities." The security issue is being referred to as StackRot and can be used to compromise the kernel and elevate privileges. StackRot impacts all kernel configurations on Linux versions 6.1 through 6.4.

How to View Your SSH Keys in Linux, macOS and Windows
2023-06-29 10:00

Pub The command will print out your SSH key on your Linux machine without prompting you for your key authentication password. How to view your SSH public key on macOS. Viewing your keys on macOS can be done in a similar fashion as on Linux.

Linux version of Akira ransomware targets VMware ESXi servers
2023-06-28 18:51

The Akira ransomware operation uses a Linux encryptor to encrypt VMware ESXi virtual machines in double-extortion attacks against companies worldwide. BleepingComputer's analysis of the Linux encryptor shows it has a project name of 'Esxi Build Esxi6,' indicating the threat actors designed it specifically to target VMware ESXi servers.

New Cryptocurrency Mining Campaign Targets Linux Systems and IoT Devices
2023-06-23 07:30

Internet-facing Linux systems and Internet of Things devices are being targeted as part of a new campaign designed to illicitly mine cryptocurrency. "The threat actors behind the attack use a backdoor that deploys a wide array of tools and components such as rootkits and an IRC bot to steal device resources for mining operations," Microsoft threat intelligence researcher Rotem Sde-Or said.

Microsoft: Hackers hijack Linux systems using trojanized OpenSSH version
2023-06-22 17:33

Microsoft says Internet-exposed Linux and Internet of Things devices are being hijacked in brute-force attacks as part of a recently observed cryptojacking campaign. After gaining access to a system, the attackers deploy a trojanized OpenSSH package that helps them backdoor the compromised devices and steal SSH credentials to maintain persistence.

Beware bad passwords as attackers co-opt Linux servers into cybercrime
2023-06-21 19:50

Researchers at Korean anti-malware business AhnLab are warning about an old-school attack that they say they're seeing a lot of these days, where cybercriminals guess their way into Linux shell servers and use them as jumping-off points for further attacks, often against innocent third parties. These attackers are using the not-very-secret and not-at-all-complicated trick of finding Linux shell servers that are accepting SSH connections over the internet, and then simply guessing at common username/password combinations in the hope that at least one user has a poorly-secured account.

Hackers infect Linux SSH servers with Tsunami botnet malware
2023-06-20 17:50

An unknown threat actor is brute-forcing Linux SSH servers to install a wide range of malware, including the Tsunami DDoS bot, ShellBot, log cleaners, privilege escalation tools, and an XMRig coin miner. Network administrators typically use SSH to manage Linux devices remotely, performing tasks such as running commands, changing the configuration, updating software, and troubleshooting problems.