Security News

Unpatched vulnerabilities in the Spring Framework and WordPress plugins are being exploited by cybercriminals behind the Sysrv botnet to target Linux and Windows systems. The botnet variant is being called Sysrv-K by Microsoft Security Intelligence researchers that posted a thread on Twitter revealing details of the botnet variant.

Offensive Security has released Kali Linux 2022.2, the latest version of its popular penetration testing and digital forensics platform.There are a number of tweaks included in Kali for ARM, especially in the Raspberry Pi image.

Microsoft is warning of a new variant of the srv botnet that's exploiting multiple security flaws in web applications and databases to install coin miners on both Windows and Linux systems. The tech giant, which has called the new version Sysrv-K, is said to weaponize an array of exploits to gain control of web servers.

Kali Linux is a Linux distribution for cybersecurity professionals and ethical hackers to perform penetration testing, security audits, and research against internal and remote networks. "The shell theme now includes a more modern look, removing the arrows from the pop-up menus and using more rounded edges. In addition, we've upgraded and tweaked the dash-to-dock extension, making it integrate better with the new look and fixing some bugs," the Kali Team explains in a new blog post.

Microsoft says the Sysrv botnet is now exploiting vulnerabilities in the Spring Framework and WordPress to ensnare and deploy cryptomining malware on vulnerable Windows and Linux servers. "The new variant, which we call Sysrv-K, sports additional exploits and can gain control of web servers" by exploiting various vulnerabilities, the Microsoft Security Intelligence team said in a Twitter thread. "These vulnerabilities, which have all been addressed by security updates, include old vulnerabilities in WordPress plugins, as well as newer vulnerabilities like CVE-2022-22947."

A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years. BPFdoor is a Linux/Unix backdoor that allows threat actors to remotely connect to a Linux shell to gain complete access to a compromised device.

NVIDIA has published the source code of its Linux kernel modules for the R515 driver, allowing developers to provide greater integration, stability, and security for Linux distributions. The products supported by these drivers include all models built on the Turing and Ampere architecture, released after 2018, including the GeForce 30 and GeForce 20 series, the GTX 1650 and 1660, and data center-grade A series, Tesla, and Quadro RTX. According to the GPU maker, this is a step toward improving its products' experience on the Linux platform, simplifying the integration process in Linux distributions, debugging, and boosting contribution activity.

How to install the NordLayer VPN client on Linux and connect it to a virtual network We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. NordLayer VPN is a VPN-based network security solution that can serve just about any sized business and allows admins to manage connections from a remote, web-based dashboard.

Flaws in networkd-dispatcher, a service used in the Linux world, can be exploited by a rogue logged-in user or application to escalate their privileges to root level, allowing the box to be commandeered, say Microsoft researchers. It's nice of Redmond to point out these flaws and have them fixed in any affected distributions; the US tech giant is a big user of Linux and relies on the open-source OS throughout its empire.

Microsoft has unearthed two security vulnerabilities in the networkd-dispatcher daemon that may be exploited by attackers to gain root on many Linux endpoints, allowing them to deploy backdoors, malware, ransomware, or perform other malicious actions. CVE-2022-29799 is a directory traversal bug; CVE-2022-29800 is a time-of-check-time-of-use race condition that could allow an attacker to replace scripts that networkd-dispatcher believes to be owned by root to ones that are not.