Security News

Illegal Solaris darknet market hijacked by competitor Kraken
2023-01-18 19:21

Solaris, a large darknet marketplace focused on drugs and illegal substances, has been taken over by a smaller competitor named 'Kraken,' which claims to have hacked it on January 13, 2022. The Tor site of Solaris currently redirects to Kraken, while blockchain monitoring experts at Elliptic report no movements in the cryptocurrency addresses associated with the site after January 13, 2022.

BPFDoor malware uses Solaris vulnerability to get root privileges
2022-05-25 11:21

New research into the inner workings of the stealthy BPFDoor malware for Linux and Solaris reveals that the threat actor behind it leveraged an old vulnerability to achieve persistence on targeted systems. Cybersecurity company CrowdStrike has observed a threat actor, focused mainly on Linux and Solaris systems, using the custom-built BPFDoor implant on telecommunications providers to steal personal user information.

Crims target telcos' Linux and Solaris boxes, which don't get enough infosec love
2021-10-20 05:40

Security vendor CrowdStrike claims it's spotted the group and that it "has been consistently targeting the telecommunications sector at a global scale since at least 2016 to retrieve highly specific information from mobile communication infrastructure, such as subscriber information and call metadata." The gang appears to understand telco operations well enough to surf the carrier-to-carrier links that enable mobile roaming, across borders and between carriers, to spread its payloads. Whatever the group is called, the pair write that it "employs significant operational security measures, primarily establishing implants across Linux and Solaris servers, with a particular focus on specific telecommunications systems, and only interacting with Windows systems as needed."

Mandiant Details Recently Patched Oracle Solaris Zero-Day
2020-11-05 14:13

FireEye Mandiant has published detailed information on an Oracle Solaris vulnerability that has been exploited in attacks by a sophisticated threat actor. The flaw allows an unauthenticated attacker to compromise Oracle Solaris systems.

Oracle Solaris Zero-Day Attack Revealed
2020-11-03 21:39

The vulnerability exists in the Oracle Solaris Pluggable Authentication Module and allows an unauthenticated attacker with network access via multiple protocols to exploit and compromise the operating system. "In mid-2020, we observed UNC1945 deploy EVILSUN - a remote-exploitation tool containing a zero-day exploit for CVE-2020-14871 - on a Solaris 9 server," said researchers with FireEye, in a Monday analysis.

Sophisticated Threat Actor Exploited Oracle Solaris Zero-Day
2020-11-03 18:53

A threat actor has been observed targeting Oracle Solaris operating systems for over two years, including with an exploit for a recently addressed zero-day vulnerability, FireEye reported on Monday. In late 2018, the threat actor was observed compromising a Solaris server that had the SSH service exposed to the Internet, to install the SLAPSTICK backdoor on it, in order to steal credentials.

Researchers Resurrect Decade-Old Oracle Solaris Vulnerability
2018-07-25 14:13

One of the Solaris vulnerabilities patched by Oracle with its July 2018 Critical Patch Update (CPU) exists due to an ineffective fix implemented by the company for a flaw first discovered in 2007....

Oracle Re-Patches Decade-Old Solaris Bug
2018-07-24 16:56

Oracle tackles a Solaris 10 and 11.3 vulnerability tied to a bug patched in 2009.

Dust yourself off and try again: Ancient Solaris patch missed the mark
2018-07-24 14:04

Privilege escalation bug was still sitting there 11 years later. A vulnerability first detected and "resolved" years ago in Oracle's Unix OS, Solaris, has resurfaced, necessitating a fix in Big...

Oracle fixes Solaris 10 flaw targeted by leaked NSA exploit (Help Net Security)
2017-04-19 20:46

Oracle has pushed out a record-breaking 299 fixes for vulnerabilities in its many, many products, and among them is a Solaris 10 bug whose existence has been revealed through Shadow Brokers’...