Security News
The malware was dubbed "Shikitega" for its extensive use of the popular Shikata Ga Nai polymorphic encoder, which allows the malware to "Mutate" its code to avoid detection. Shikitega alters its code each time it runs through one of several decoding loops that AT&T said each deliver multiple attacks, beginning with an ELF file that's just 370 bytes.
AT&T cybersecurity researchers have discovered a sneaky piece of malware targeting Linux endpoints and IoT devices in the hopes of gaining persistent access and turning victims into crypto-mining drones. Popular adventure clothing brand The North Face and shoe company Vans, subsidiaries of the same parent company, have admitted to a credential stuffing attack that netted its attacker 194,905 user's worth of PII. Most every piece of PII stored on the two websites were compromised, with the exception of credit card numbers, which the brands' parent company VF Outdoors said it doesn't store on its sites.
Linux is the most secure operating system on the market; for years, that has been one of the open source platform's best selling points. If I had to guess, I'd say that the rise of malicious software targeting Linux deployments will become staggering over the next decade.
A new piece of stealthy Linux malware called Shikitega has been uncovered adopting a multi-stage infection chain to compromise endpoints and IoT devices and deposit additional payloads. The findings add to a growing list of Linux malware that has been found in the wild in recent months, including BPFDoor, Symbiote, Syslogk, OrBit, and Lightning Framework.
A new stealthy Linux malware known as Shikitega has been discovered infecting computers and IoT devices with additional payloads. The malware exploits vulnerabilities to elevate its privileges, adds persistence on the host via crontab, and eventually launches a cryptocurrency miner on infected devices.
Trend Micro predicted that ransomware groups will increasingly target Linux servers and embedded systems over the coming years. Jon Clay, VP of threat intelligence for Trend Micro, said: "New and emerging threat groups continue to evolve their business model, focusing their attacks with even greater precision. That's why it's essential that organizations get better at mapping, understanding, and protecting their expanding digital attack surface. A single, unified cybersecurity platform is the best place to start."
Chile's national computer security and incident response team has announced that a ransomware attack has impacted operations and online services of a government agency in the country. The attack started on Thursday, August 25, targeting Microsoft and VMware ESXi servers operated by the agency.
Details of an eight-year-old security vulnerability in the Linux kernel have emerged that the researchers say is "As nasty as Dirty Pipe.". "DirtyCred is a kernel exploitation concept that swaps unprivileged kernel credentials with privileged ones to escalate privilege," researchers Zhenpeng Lin, Yuhang Wu, and Xinyu Xing noted.
More than 200 malicious packages have been discovered infiltrating the PyPI and npm open source registries this week. These packages are largely typosquats of widely used libraries and each one of them downloads a Bash script on Linux systems that run cryptominers.
A now-removed rogue package pushed to the official third-party software repository for Python has been found to deploy cryptominers on Linux systems. The module, named "Secretslib" and downloaded 93 times prior to its deletion, was released to the Python Package Index on August 6, 2022 and is described as "Secrets matching and verification made easy."