Security News

Microsoft announced today that the Chromium-based Edge web browser is now generally available on the Linux platform via the stable channel. In September 2019, Redmond asked for feedback from Linux users on the release of the Edge browser for Linux to flesh out the requirements needed for an official launch.

Google on Monday announced that it will pay security researchers to find exploits using vulnerabilities, previously remediated or otherwise, over the next three months as part of a new bug bounty program to improve the security of the Linux kernel. To that end, the company is expected to issue rewards worth $31,337 for exploiting privilege escalation in a lab environment for each patched vulnerability, an amount that can climb up to $50,337 for working exploits that take advantage of zero-day flaws in the kernel and other undocumented attack techniques.

The Hive ransomware gang now also encrypts Linux and FreeBSD using new malware variants specifically developed to target these platforms. The ransomware's Linux version also fails to trigger the encryption if executed without root privileges because it attempts to drop the ransom note on compromised devices' root file systems.

We've been using Edge on Linux for quite some time, first in Dev Build form, then in its Beta flavour. As you probably know, Edge no longer has Microsoft's in-house HTML and JavaScript engines at its core, but is based, like many other contemporary browsers, on the Google-derived open source Chromium project.

Microsoft has announced the addition of new live macOS and Linux response capabilities to Defender for Endpoint, the enterprise version of Redmond's Windows 10 Defender antivirus. They are designed to help security operations teams to trigger response actions straight from the live response interface during incident investigations.

Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems. The malicious packages in question - named okhsa, klow, and klown - were published by the same developer and falsely claimed to be JavaScript-based user-agent string parsers designed to extract hardware specifics from the "User-Agent" HTTP header.

Security vendor CrowdStrike claims it's spotted the group and that it "Has been consistently targeting the telecommunications sector at a global scale since at least 2016 to retrieve highly specific information from mobile communication infrastructure, such as subscriber information and call metadata." The gang appears to understand telco operations well enough to surf the carrier-to-carrier links that enable mobile roaming, across borders and between carriers, to spread its payloads. "Whatever the group is called, the pair write that it"employs significant operational security measures, primarily establishing implants across Linux and Solaris servers, with a particular focus on specific telecommunications systems, and only interacting with Windows systems as needed.

Windows 10, iOS 15, Google Chrome, Apple Safari, Microsoft Exchange Server, and Ubuntu 20 were successfully broken into using original, never-before-seen exploits at the Tianfu Cup 2021, the fourth edition of the international cybersecurity contest held in the city of Chengdu, China. The Chinese version of Pwn2Own was started in 2018 in the wake of government regulation in the country that barred security researchers from participating in international hacking competitions because of national security concerns.

Microsoft has released a Linux version of the very popular Sysmon system monitoring utility for Windows, allowing Linux administrators to monitor devices for malicious activity. Today, Microsoft's Mark Russinovich and a cofounder of the Sysinternals utility suite, announced that Microsoft had released Sysmon for Linux as an open-source project on GitHub.

Cybersecurity researchers have detailed a new campaign that likely targets entities in Southeast Asia with a previously unrecognized Linux malware that's engineered to enable remote access to its operators, in addition to amassing credentials and function as a proxy server. The malware family, dubbed "FontOnLake" by Slovak cybersecurity firm ESET, is said to feature "Well-designed modules" that are continuously being upgraded with new features, indicating an active development phase.