Security News

The Cybersecurity and Infrastructure Security Agency has added a high-severity Linux vulnerability known as PwnKit to its list of bugs exploited in the wild. PwnKit is a memory corruption bug that unprivileged users can exploit to gain full root privileges on Linux systems with default configurations.

Microsoft has fixed a container escape bug dubbed FabricScape in the Service Fabric application hosting platform that let threat actors escalate privileges to root, gain control of the host node, and compromise the entire SF Linux cluster. Additional details on how CVE-2022-30137 can be exploited to execute code and take over SF Linux clusters are available in Unit 42's report.

Microsoft has fixed a container escape vulnerability in the Service Fabric application hosting platform that would allow threat actors to escalate privileges to root, gain control of the host node, and compromise the entire SF Linux cluster. Additional details on how CVE-2022-30137 can be exploited to execute code and take over SF Linux clusters are available in Unit 42's report.

What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines. Instead of being a standalone executable file that is run to infect a machine, it is a shared object library that is loaded into all running processes using LD PRELOAD, and parasitically infects the machine.

A new Golang-based peer-to-peer botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed Panchan by Akamai Security Research, the malware "Utilizes its built-in concurrency features to maximize spreadability and execute malware modules" and "Harvests SSH keys to perform lateral movement."

New botnet and cryptominer Panchan attacking Linux servers. Akamai Security Research announced on Wednesday it has uncovered a new botnet attacking the Linux servers of telecom and education providers in Asia, Europe and the Americas.

A new peer-to-peer botnet named Panchan appeared in the wild around March 2022, targeting Linux servers in the education sector to mine cryptocurrency. At the same time, it has powerful detection avoidance capabilities, such as using memory-mapped miners and dynamically detecting process monitoring to stop the mining module immediately.

A new Linux malware that's "Nearly impossible to detect" can harvest credentials and gives attackers remote access and rootkit functionality by acting in a parasitic way to infect targets, researchers said. The name is an homage to how the malware operates, which is differently than other Linux malware that researchers have encountered, Kennedy explained.

A new covert Linux kernel rootkit named Syslogk has been spotted under development in the wild and cloaking a malicious payload that can be remotely commandeered by an adversary using a magic network traffic packet. "The Syslogk rootkit is heavily based on Adore-Ng but incorporates new functionalities making the user-mode application and the kernel rootkit hard to detect," Avast security researchers David Álvarez and Jan Neduchal said in a report published Monday.

A new Linux rootkit malware named 'Syslogk' is being used in attacks to hide malicious processes, using specially crafted "Magic packets" to awaken a backdoor laying dormant on the device. Syslogk can force-load its modules into the Linux kernel, hide directories and network traffic, and eventually load a backdoor called 'Rekoobe.