Security News

New Linux Malware Steals Call Details from VoIP Softswitch Systems
2020-09-11 05:05

Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed "CDRThief" that targets voice over IP softswitches in an attempt to steal phone call metadata. "The primary goal of the malware is to exfiltrate various private data from a compromised softswitch, including call detail records," ESET researchers said in a Thursday analysis.

Linux servers and workstations are hackers' next target, security researchers warn
2020-09-10 11:11

According to Kaspersky, these attackers are increasingly diversifying their arsenals to contain Linux tools, giving them a broader reach over the systems they can target. Many organisations choose Linux for strategically important servers and systems, and with a "significant trend" towards using Linux as a desktop environment by big business as well as government bodies, attackers are in turn developing more malware for the platform.

Week in review: Kali Linux 2020.3, mobile security threats, ISO certs at risk of lapsing
2020-08-23 13:40

Thousands of ISO certifications at risk of lapsing due to halted re-certification audits
Thousands of valuable ISO management system certifications earned by UK companies may now be at risk because auditors from Certification Bodies may not have been able to attend organizations' premises to conduct essential re-certification audits during the current coronavirus pandemic.

Kali Linux 2020.3 released: A new shell and a Bluetooth Arsenal for NetHunter
Offensive Security has released Kali Linux 2020.3, the latest iteration of the popular open source penetration testing platform.

Kali Linux 2020.3 released: A new shell and a Bluetooth Arsenal for NetHunter
2020-08-19 08:50

Offensive Security has released Kali Linux 2020.3, the latest iteration of the popular open source penetration testing platform. Kali NetHunter - Kali's mobile pentesting platform/app - has been augmented with Bluetooth Arsenal, which combines a set of Bluetooth tools in the app with pre-configured workflows and use cases.

FBI, NSA Share Details on New 'Drovorub' Linux Malware Used by Russia
2020-08-14 10:05

The United States on Thursday published information on Drovorub, a previously undisclosed piece of malware that Russia-linked cyber-spies are using in attacks targeting Linux systems. Drovorub, a joint advisory from the NSA and the FBI reveals, is being employed by the Russian General Staff Main Intelligence Directorate 85th Main Special Service Center military unit 26165, which is better known as the cyber-espionage group APT 28.

This NSA, FBI security advisory has four words you never want to see together: Fancy Bear Linux rootkit
2020-08-13 23:48

The NSA and FBI are sounding the alarm over a dangerous new strain of Linux malware being employed by Russian government hackers often dubbed the Fancy Bear crew. Uncle Sam explicitly said on Thursday the miscreants - formally known as the 85th Main Special Service Center - operate within the Russian intelligence directorate, aka the GRU. The software nasty in question is Drovorub, a rootkit designed to infect Linux systems, take control of them, and siphon off files.

NSA, FBI Warn of Linux Malware Used in Espionage Attacks
2020-08-13 22:03

According to a Thursday advisory by the National Security Agency and the Federal Bureau of Investigation, the malware especially represents a threat to national security systems such as the Department of Defense and Defense Industrial Base customers that use Linux systems. "Drovorub is a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a Command and Control server," according to a 45-page deep-dive analysis of the malware published Thursday [PDF] by the FBI and NSA. "When deployed on a victim machine, the Drovorub implant provides the capability for direct communications with actor controlled C2 infrastructure; file download and upload capabilities; execution of arbitrary commands as 'root'; and port forwarding of network traffic to other hosts on the network."

How to hide files from any file manager on the Linux desktop
2020-08-13 21:44

Want to hide files and folders from your Linux desktop file manager? Jack Wallen shows you one handy method. Those same files and directories will be hidden from the file manager unless you explicitly tell the file manager to show those secreted files.

Linux is finally getting this popular password manager
2020-08-11 11:28

Who says persistence doesn't pay off? After 10 years of nagging that resulted in the longest forum thread in 1Password's history, the popular password manager is finally coming to Linux. 1Password has been enjoyed by Windows, Android and iOS users for years, but not Linux fans.

Black Hat 2020: Linux Spyware Stack Ties Together 5 Chinese APTs
2020-08-05 22:32

A stack of Linux backdoor malware used for espionage, compiled dynamically and customizable to specific targets, is being used as a shared resource by five different Chinese-language APT groups, according to researchers. Finally, the sixth item is the Linux XOR DDoS botnet, which is the largest known Linux botnet, first coming to notice in 2015.