Linux Hacks & Cracks
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called Cicada3301, which some experts believe has links with BlackCat (aka ALPHV) due to similarities in operations. Cicada3301 is a Rust-based ransomware that targets Windows and Linux/ESXi hosts.
As cybersecurity evolves, so too has its threats. Symantec recently identified an emerging threat aimed at Linux systems. This new type of ransomware (called double extortion by its creators) encrypts files and exfiltrates and holds onto data, demanding ransom payments in return. Such sophisticated cybercriminal tactics highlight their audacity while attacking many enterprise and cloud environments - an audacious move by cybercriminals targeting such essential infrastructure as server farms.
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This development represents a significant evolution of ransomware strategies, and admins and businesses must understand these threats to implement effective defenses against them.
Security professionals and system administrators face growing cyber threats in today's digital environment, making defending systems increasingly challenging. A recent discovery by Phylum revealed a sophisticated large-scale operation targeting Node Package Manager (npm), GitHub repositories, and Content Delivery Networks (CDNs) via trojanized versions of the jQuery JavaSecript library.
Cybersecurity threats continue to emerge regularly, and Promon's security team recently identified one such novel threat, Snowblind. This malware targets Android apps used for banking apps in Southeast Asia using an unconventional exploit method involving seccomp, a Linux kernel feature. Snowblind first surfaced through Promon partner i-Sprint's discovery and represents a significant shift in attack vectors in that region.
The recent discovery of a backdoor in Linux's xz compression tool has shed light on cybercriminals' ingenious methods of gaining entry and remaining undetected within critical infrastructure foundations. The xz backdoor presents an acute threat to security and system integrity, and its creators leveraged sophisticated methods to remain undetected.
Wordfence security researchers recently shed light on an infamous supply chain attack that may have affected as many as 36,000 WordPress websites. Five widely used plugins were infected with malware, which opened a backdoor that allowed attackers to manipulate SEO elements and gain administrative access. This shocking discovery should warn developers, administrators, and website owners about the dangers lurking within software supply chains.
RansomHub, a Ransomware-as-a-Service (RaaS) platform, has emerged as a significant threat to organizations around the globe. Targeting Windows, Linux, and ESXi systems with malware written in Go and C++ programming languages, RansomHub quickly made waves in the cybercrime landscape.
A new backdoor, "Noodle RAT" has caused widespread alarm across the cybersecurity landscape. Research highlights this previously undisclosed malware used by Chinese-speaking groups engaged in cybercrime and espionage activities.
Gitloker attacks have emerged with increased frequency in recent weeks, targeting GitHub repositories by wiping them clean of all content before demanding ransom for accessing accounts using stolen user credentials. These attacks threaten to use this stolen data unless an appropriate ransom payment is received.
Security researchers have recently identified an innovative Linux ransomware variant developed by the TargetCompany ransomware group. This variant targets ESXi environments and uses a custom shell script for payload delivery and execution, something not previously observed by TargetCompany operations.
The Kinsing hacker group, or H2Miner, has been orchestrating illicit cryptocurrency mining campaigns since 2019 and poses a persistent security threat. The group continuously evolves its toolkit by integrating newly disclosed vulnerabilities to expand its botnet.
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect our systems. Security researchers have identified a massive botnet comprising over 400,000 compromised Linux servers, reinforcing the need to stay alert and implement robust security measures. Let's examine the significance of this discovery and what we can learn from it to protect against future attacks.
The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its GoBear backdoor called Gomir. The Gomir backdoor is structurally similar to GoBear, leading to concerns within the cybersecurity community. The overlapping code between malware variants raises questions regarding the extent of the threat and the potential implications for targeted organizations. Let's explore the significance of this discovery and its implications for the Linux community so you are better prepared to protect against Gomir and other Linux malware variants.
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on Windows systems but later shifted its attention to Linux servers, mainly targeting VMware ESXi virtual machines. The ransomware leverages different methods for initial access to target networks, such as exploiting known flaws in Cisco appliances, spear phishing, and abusing VPN services lacking multi-factor authentication protections. It also utilizes various tools for setting up persistence, privilege escalation, and lateral movement within networks.
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been observed. The malware's multifunctional nature is a notable characteristic, striking a chord with Linux admins, infosec professionals, internet security enthusiasts, and sysadmins who are likely familiar with the potential threat of versatile malware.
A Linux version of the multi-platform backdoor malware called DinodasRAT has been spotted in cyberattacks across several countries. The malware, also known as XDealer, is a C++-based threat that can harvest sensitive data from compromised systems.
A malvertising campaign has been discovered that deploys a fake PuTTY client to deliver the Rhadamanthys stealer, a dangerous malware. The attackers exploit the trust placed in PuTTY as a widely used SSH and Telnet client by presenting a counterfeit website through malicious ads that appear at the top of Google search results. Let's examine this significant security threat targeting Linux admins more deeply, emphasizing the need for heightened vigilance and robust Linux security measures.
A new variant of the AcidRain Linux malware called AcidPour has been discovered. This malware targets explicitly Linux systems in Ukraine. AcidPour expands upon its predecessor and poses a significant risk to users. Let's examine the importance of this discovery, the implications for admins and security professionals, and measures you can take to protect against threats like AcidPour.
The emergence of the KrustyLoader backdoor, with its variants targeting both Windows and Linux systems, has caught the attention of cybersecurity experts. This critical analysis will delve into the implications of this sophisticated backdoor, raise questions about its long-term consequences, and explore its impact on Linux admins, information security professionals, internet security enthusiasts, and sysadmins.