Security News

Microsoft Defender can now isolate compromised Linux endpoints
2023-01-31 08:14

Microsoft announced today that it added device isolation support to Microsoft Defender for Endpoint on onboarded Linux devices. Enterprise admins can manually isolate Linux machines enrolled as part of a public preview using the Microsoft 365 Defender portal or via API requests.

New Boldmove Linux malware used to backdoor Fortinet devices
2023-01-20 16:02

The attackers were focused on maintaining persistence on exploited devices by using the custom malware to patch the FortiOS logging processes so that specific log entries could be removed or to disable the logging process altogether. Yesterday, Mandiant published a report about a suspected Chinese espionage campaign leveraging the FortiOS flaw since October 2022 using a new 'BOLDMOVE' malware explicitly designed for attacks on FortiOS devices.

New SHC-compiled Linux malware installs cryptominers, DDoS bots
2023-01-04 22:29

A new Linux malware downloader created using SHC has been spotted in the wild, infecting systems with Monero cryptocurrency miners and DDoS IRC bots. According to ASEC researchers, who discovered the attack, the SHC loader was uploaded to VirusTotal by Korean users, with attacks generally focused on Linux systems in the same country.

New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner
2023-01-04 08:32

A new Linux malware developed using the shell script compiler has been observed deploying a cryptocurrency miner on compromised systems. "It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system," AhnLab Security Emergency Response Center said in a report published today.

Kali Linux: What’s next for the popular pentesting distro?
2023-01-03 05:30

The answer the second question - How to make Kali the best possible platform for training? - we work very closely with the OffSec content development team to find out what tools they are using for training, what sort of default environment works best for learners, and what we can do in Kali to support general education efforts. Surprisingly, even though Kali is built for advanced information security work, it is often the first Linux many users ever use.

WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws
2023-01-02 07:50

WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. "If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts," Russian security vendor Doctor Web said in a report published last week.

Critical “10-out-of-10” Linux kernel SMB hole – should you worry?
2022-12-27 19:35

ZDI doesn't just deal in competitive bug hunting in its twice-a-year contests, so it also regularly puts out vulnerability notices for zero-days that were disclosed in more conventional ways, like this one, entitled Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability. Even though this bug has had some dramatic coverage over the holiday weekend, given that it was a remote code execution hole in the Linux kernel itself, and came with a so-called CVSS score of 10/10, considered Critical.

Back to work, Linux admins: You may have a CVSS 10 kernel bug to address
2022-12-24 10:00

Merry Christmas, Linux systems administrators: Here's a kernel vulnerability with a CVSS score of 10 in your SMB server for the holiday season giving an unauthenticated user remote code execution. Luckily for the sysadmins reaching for more brandy to pour in that eggnog, it doesn't appear to be that widespread. Discovered the Thalium Team vulnerability research team at French aerospace firm Thales Group in July, the vulnerability is specific to the ksmbd module that was added to the Linux kernel in version 5.15.

Menacing Malware: Exposing Threats Lurking in your Linux-Based Multi-Cloud
2022-12-19 11:00

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

Exposing Malware in Linux-Based Multi-Cloud Environments
2022-12-19 11:00

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.