Security News

New cryptomining malware builds an army of Windows, Linux bots
2021-04-24 14:36

A recently discovered cryptomining botnet is actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero miner and self-spreader malware payloads. While, at first, it was using a multi-component architecture with the miner and worm modules, the botnet has been upgraded to use a single binary capable of mining and auto-spreading the malware to other devices.

Tor-Based Linux Botnet Abuses IaC Tools to Spread
2021-04-23 16:56

A recently observed malware botnet targeting Linux systems is employing many of the emerging techniques among cyber-criminals, such as the use of Tor proxies, legitimate DevOps tools, and the removal of competing malware, according to new research from anti-malware vendor Trend Micro. The researchers say the malware is capable of downloading all of the files it needs from the Tor anonymity network, including post-infection scripts and legitimate, essential binaries that might be missing from the environment, such as ss, ps, and curl.

Linux team in public bust-up over fake “patches” to introduce bugs
2021-04-22 20:52

We [took] the Linux kernel as target OSS and safely demonstrate[d] that it is practical for a malicious committer to introduce use-after-free bugs. The Linux kernel team was unsurprisingly unamused at being used as part of an unannounced experiment, especially one that was aimed at delivering a research paper about supply chain attacks by actually setting out to perpetrate them under cover.

Parrot OS Security edition is a Linux desktop distribution geared for security admins
2021-04-22 19:11

One such distribution is Parrot OS. Before we get into this, know there are two different flavors of Parrot OS-a general desktop distribution and one purpose-built for security. Parrot OS Security edition has you covered, regardless of what security issue you're digging into.

Windows 10 now lets you seamlessly run Linux GUI apps
2021-04-21 20:05

Windows 10 now lets you run Linux GUI apps without using a virtual machine after Microsoft added GUI support to the Windows Subsystem for Linux. Microsoft designed the WSL compatibility layer to make it possible for Windows 10 customers to run Linux binaries in ELF format natively on their Windows computers, in a PowerShell or Windows 10 command prompt.

Linux bans University of Minnesota for committing malicious code
2021-04-21 17:08

In a rare, groundbreaking decision, Linux kernel project maintainers have imposed a ban on the University of Minnesota from contributing to the open-source Linux project. The move comes after a group of UMN researchers were caught submitting a series of malicious code commits, or patches that deliberately introduced security vulnerabilities in the official Linux codebase, as a part of their research activities.

Linux Foundation Research to broaden understanding of open source ecosystem and impact
2021-04-16 00:00

The Linux Foundation announced Linux Foundation Research, a new division that will broaden the understanding of open source projects, ecosystem dynamics, and impact, with never before seen insights on the efficacy of open source collaboration as a means to solve many of the world's pressing problems. Through a series of research projects and related content, Linux Foundation Research will leverage the Linux Foundation's vast repository of data, tools, and communities across industry verticals and technology horizontals.

New Linux, macOS malware hidden in fake Browserify NPM package
2021-04-13 18:17

A new malicious package has been spotted this week on the npm registry, which targets NodeJS developers using Linux and Apple macOS operating systems. The malicious package is called "Web-browserify," and imitates the popular Browserify npm component downloaded over 160 million times over its lifetime.

Linux 101: The different types of sudo and su
2021-04-05 14:34

Knowing which sudo or su command to run is important. If you're a new Linux admin, you probably at least know about sudo.

Google Chrome for Linux is getting DNS-over-HTTPS, but there's a catch
2021-03-31 07:41

Google Chrome developers have announced plans to roll out DNS-over-HTTPS support to Chrome web browser for Linux. Yesterday, the open-source Chromium project which powers the Google Chrome web browser announced plans to release a Chrome for Linux version with DNS-over-HTTPS support.