Security News

Researchers have discovered a new backdoor targeting Linux systems, which they link back to the Winnti threat group. The latter fact provides a clue that RedXOR is utilized in targeted attacks against legacy Linux systems, noted researchers.

Sigstore could eliminate the headaches associated with current software signing technology through public ledgers. The Linux Foundation, in partnership with Red Hat, Google and Purdue University, has announced a new digital signing project, potentially eliminating many of the headaches that come with securing open source software, files, images and binaries.

Security researchers at Intezer have discovered a previously undocumented backdoor dubbed RedXOR, with links to a Chinese-sponsored hacking group and used in ongoing attacks targeting Linux systems. Based on command-and-control servers still being active, the Linux backdoor is being used in ongoing attacks targeting both Linux servers and endpoints.

The Linux Foundation, Red Hat, Google, and Purdue have unveiled the free 'sigstore' service that lets developers code-sign and verify open source software to prevent supply-chain attacks. To pull these attacks off, threat actors will create malicious open-source packages and upload them to public repositories using names similar to popular legitimate packages.

Cybersecurity researchers on Wednesday shed light on a new sophisticated backdoor targeting Linux endpoints and servers that's believed to be the work of Chinese nation-state actors. RedXOR's name comes from the fact that it encodes its network data with a scheme based on XOR, and that it's compiled with a legacy GCC compiler on an old release of Red Hat Enterprise Linux, suggesting that the malware is deployed in targeted attacks against legacy Linux systems.

A total of five vulnerabilities that could lead to local privilege escalation were recently identified and fixed in the Linux kernel. Identified by Positive Technologies security researcher Alexander Popov, the high severity bugs resided in the virtual socket implementation of the Linux kernel.

Red Hat announced further strengthening of Red Hat Enterprise Linux as a platform of choice for users requiring more secure computing, with Red Hat Enterprise Linux 8.1 achieving Common Criteria Certification. The first major security certification for Red Hat Enterprise Linux 8, this validation emphasizes Red Hat's commitment to supporting customers that use the world's leading enterprise Linux platform for critical workloads in classified and sensitive deployments.

Security researcher Alexander Popov has discovered and fixed five similar issues in the virtual socket implementation of the Linux kernel. The vulnerabilities could be exploited for local privilege escalation, as confirmed in experiments on Fedora 33 Server.

Jack Wallen shows you an easy way to determine if your Linux server is under a DDoS attack and how to quickly stop it.

Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found by security researcher Julien Voisin on VirusTotal. Voisin found the two working Linux and Windows exploits on the online VirusTotal malware analysis platform.