Security News

Stealthy RotaJakiro Backdoor Targeting Linux Systems
2021-04-30 00:54

Previously undocumented and stealthy Linux malware named RotaJakiro has been discovered targeting Linux X64 systems. The researchers who investigated the backdoor named it RotaJakiro because, in their words, "The family uses rotate encryption and behaves differently for root/non-root accounts when executing."

Stealthy Linux backdoor malware spotted after three years of minding your business
2021-04-29 23:40

Chinese security outfit Qihoo 360 Netlab on Wednesday said it has identified Linux backdoor malware that has remained undetected for a number of years. An MD5 signature for the file systemd-daemon first showed up in VirusTotal back on May 16, 2018 without being flagged as any known malware.

S3 Ep30: AirDrop worries, Linux pests and ransomware truths [Podcast]
2021-04-29 18:52

We investigate whether AirDrop is really as dangerous as researchers claimed. We discuss the pestiferous problem of fake Linux bugs submitted as an academic exercise.

Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years
2021-04-29 08:29

A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind the operation to harvest and exfiltrate sensitive information from infected systems. Dubbed "RotaJakiro" by researchers from Qihoo 360 NETLAB, the backdoor targets Linux X64 machines, and is so named after the fact that "The family uses rotate encryption and behaves differently for root/non-root accounts when executing."

New stealthy Linux malware used to backdoor systems for years
2021-04-28 16:29

A recently discovered Linux malware with backdoor capabilities has flown under the radar for years, allowing attackers to harvest and exfiltrate sensitive information from compromised devices. RotaJakiro is designed to operate as stealthily as possible, encrypting its communication channels using ZLIB compression together with AES, XOR and ROTATE encryption.

Linux Kernel Bug Opens Door to Wider Cyberattacks
2021-04-27 19:43

An information-disclosure security vulnerability has been discovered in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices. The /proc filesystem contains /proc/[pid] subdirectories, each of which contains files and subdirectories exposing information about a specific process, readable by using the corresponding process ID. The "syscall" file in each such directory is a legitimate Linux operating system file that contains logs of system calls used by the kernel.

Linux kernel security uproar: What some people missed
2021-04-27 11:47

Recently the Linux kernel community was aflame due to efforts by researchers at the University of Minnesota to intentionally torpedo Linux security by submitting faulty patches. Organizations of all sizes have depended upon Linux for performance and security for decades; in fact, those same organizations depend upon a wide array of open source software more generally.

Minnesota University Apologizes for Contributing Malicious Code to the Linux Project
2021-04-27 00:19

Researchers from the University of Minnesota apologized to the maintainers of the Linux Kernel Project on Saturday for intentionally including vulnerabilities in the project's code, which led to the school being banned from contributing to the open-source project in the future. The research project aimed to deliberately add use-after-free vulnerabilities to the Linux kernel in the name of security research, apparently in an attempt to highlight how potentially malicious code could sneak past the approval process and, as a consequence, to suggest ways to improve the security of the patching process.

Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux
2021-04-26 00:33

A recently identified security vulnerability in the official Homebrew Cask repository could have been exploited by an attacker to execute arbitrary code on users' machines that have Homebrew installed. The issue, which was reported to the maintainers on April 18 by a Japanese security researcher named RyotaK, stemmed from the way code changes in its GitHub repository were handled, resulting in a scenario where a malicious pull request - i.e., the proposed changes - could be automatically reviewed and approved.

New cryptomining malware builds an army of Windows, Linux bots
2021-04-24 14:36

A recently discovered cryptomining botnet is actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero miner and self-spreader malware payloads. While it initially used a multi-component architecture with separate miner and worm modules, the botnet has been upgraded to use a single binary capable of both mining and automatically spreading the malware to other devices.