Security News

Linux malware backdoors supercomputers
2021-02-02 12:26

ESET researchers discovered Kobalos, a malware that has been attacking supercomputers (high-performance computing clusters) as well as other targets such as a large Asian ISP, a North American endpoint security vendor, and several privately held servers. "Perhaps unrelated to the events involving Kobalos, there were multiple security incidents involving HPC clusters in the past year. Some of them hit the press and details were made public in an advisory from the European Grid Infrastructure CSIRT about cases where cryptocurrency miners were deployed. The EGI CSIRT advisory shows compromised servers in Poland, Canada and China were used in these attacks. Press articles also mention Archer, a breached UK-based supercomputer where SSH credentials were stolen, but do not contain details about which malware was used, if any," ESET researchers noted.

New Linux malware steals SSH credentials from supercomputers
2021-02-02 12:09

Security researchers at cybersecurity company ESET discovered the malware and named it Kobalos, after the misbehaving creature in Greek mythology. "On compromised machines whose system administrators were able to investigate further, we discovered that an SSH credential stealer was present in the form of a trojanized OpenSSH client. The /usr/bin/ssh file was replaced with a modified executable that recorded username, password and target hostname, and wrote them to an encrypted file," ESET said. The researchers believe that credential theft could explain how the malware spreads to other systems on the same network, or to other networks in the academic sector, since students and researchers from multiple universities may have SSH access to supercomputer clusters.

Sudo Bug Gives Root Access to Mass Numbers of Linux Systems
2021-01-27 19:16

A doozy of a bug that could allow any local user on most Linux or Unix systems to gain root access has been uncovered - and it had been sitting there for a decade, researchers said. The bug was found in Sudo, a utility built into most Unix and Linux operating systems that lets a user without security privileges access and run a program with the credentials of another user.

Linux malware uses open-source tool to evade detection
2021-01-27 15:16

TeamTNT has further upgraded its malware to evade detection after infecting Linux devices and deploying malicious coinminer payloads. "The group is using a new detection evasion tool, copied from open source repositories," AT&T Alien Labs security researcher Ofer Caspi says in a report published today.

Sudo vulnerability allows attackers to gain root privileges on Linux systems (CVE-2021-3156)
2021-01-27 09:53

A vulnerability in sudo, a powerful and near-ubiquitous open-source utility used on major Linux and Unix-like operating systems, could allow any unprivileged local user to gain root privileges on a vulnerable host. "This vulnerability is perhaps the most significant sudo vulnerability in recent memory and has been hiding in plain sight for nearly 10 years," said Mehul Revankar, Vice President of Product Management and Engineering, VMDR, at Qualys, who noted that there are likely to be millions of assets susceptible to it.

CloudLinux expands its Extended Lifecycle Support services for Linux distributions
2021-01-27 01:00

CloudLinux announces the expansion of its affordable Extended Lifecycle Support services for Linux distributions, providing its own updates and security patches for several years after a product's end-of-life date. The Oracle Linux 6 Extended Lifecycle Support service will be available starting in February 2021 and will extend to February 2025.

Decade-old bug in Linux world's sudo can be abused by any logged-in user to gain root privileges
2021-01-26 21:12

Security researchers from Qualys have identified a critical heap buffer overflow vulnerability in sudo that can be exploited by rogue users to take over the host system. Sudo is an open-source command-line utility widely used on Linux and other Unix-flavored operating systems.

New Linux SUDO flaw lets local users gain root privileges
2021-01-26 19:39

A now-fixed Sudo vulnerability allowed any local user to gain root privileges on Unix-like operating systems without requiring authentication. Sudo is a Unix program that enables system admins to provide limited root privileges to normal users listed in the sudoers file, while at the same time keeping a log of their activity.

How to check for and stop DDoS attacks on Linux
2021-01-21 18:20

Jack Wallen walks you through some of the steps you can take to check for and mitigate distributed denial of service attacks on a Linux server. Recently I wrote a piece on how to detect and stop a DoS attack on Linux.

SSH keys: How to view in Linux, macOS, and Windows
2021-01-21 16:17

If you're not sure how to view your SSH certificates, Jack Wallen walks you through the steps on Linux, macOS, and Windows.