Security News

Microsoft has added support for identifying and assessing the security configurations of Linux and macOS endpoints on enterprise networks using Microsoft Defender for Endpoint. The secure configuration assessment feature is now in public preview, and it has expanded to include macOS and Linux devices after initially only supporting Windows 10 and Windows Server devices.

Jack Wallen walks you through the steps of installing both Linux Malware Detection and ClamAV for a reliable one-two punch of malware and virus prevention. With your Linux servers, you might have any number of users logging in and saving files to numerous directories.

A veritable cornucopia of security vulnerabilities in the Exim mail server have been uncovered, some of which could be chained together for unauthenticated remote code execution, gaining root privileges and worm-style lateral movement, according to researchers. "Exim Mail Servers are used so widely and handle such a large volume of the internet's traffic that they are often a key target for hackers," Jogi said, noting that last year, a vulnerability in Exim was a target of the Russian advanced persistent threat known as Sandworm.

Previously undocumented and stealthy Linux malware named RotaJakiro has been discovered targeting Linux X64 systems. Investigation revealed the backdoor malware they named RotaJakiro, because, say the researchers, "The family uses rotate encryption and behaves differently for root/non-root accounts when executing."

Chinese security outfit Qihoo 360 Netlab on Wednesday said it has identified Linux backdoor malware that has remained undetected for a number of years. An MD5 signature for the file systemd-daemon first showed up in VirusTotal back on May 16, 2018 without the detection of any known malware.

We investigate whether AirDrop is really as dangerous as researchers claimed. We discuss the pestiferous problem of fake Linux bugs submitted as an academic exercise.

A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind the operation to harvest and exfiltrate sensitive information from infected systems. Dubbed "RotaJakiro" by researchers from Qihoo 360 NETLAB, the backdoor targets Linux X64 machines, and is so named after the fact that "The family uses rotate encryption and behaves differently for root/non-root accounts when executing."

A recently discovered Linux malware with backdoor capabilities has flown under the radar for years, allowing attackers to harvest and exfiltrate sensitive information from compromised devices. RotaJakiro is designed to operate as stealthy as possible, encrypting its communication channels using ZLIB compression and AES, XOR, ROTATE encryption.

An information-disclosure security vulnerability has been discovered in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices. It contains /proc/[pid] subdirectories, each of which contains files and subdirectories exposing information about specific processes, readable by using the corresponding process ID. In the case of the "Syscall" file, it's a legitimate Linux operating system file that contains logs of system calls used by the kernel.

Recently the Linux kernel community was aflame due to efforts by researchers at the University of Minnesota to intentionally torpedo Linux security by submitting faulty patches. Organizations of all sizes have depended upon Linux for performance and security for decades; in fact, those same organizations depend upon a wide array of open source, generally.