Stay Informed about Linux Hacks, Cracks, & Vulnerabilities

Discover Hacks/Cracks News

Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This development represents a significant evolution of ransomware strategies, and admins and businesses must understand these threats to implement effective defenses against them.

Brittany Day
Jul 23, 2024

The Hidden Dangers in Your Dependencies: Responding to Trojanized jQuery Attacks

Security professionals and system administrators face growing cyber threats in today's digital environment, making defending systems increasingly challenging. A recent discovery by Phylum revealed a sophisticated large-scale operation targeting Node Package Manager (npm), GitHub repositories, and Content Delivery Networks (CDNs) via trojanized versions of the jQuery JavaSecript library.

Brittany Day
Jul 10, 2024

Exploring Snowblind: A Fresh Take on Android Malware Exploiting seccomp

Cybersecurity threats continue to emerge regularly, and Promon's security team recently identified one such novel threat, Snowblind. This malware targets Android apps used for banking apps in Southeast Asia using an unconventional exploit method involving seccomp, a Linux kernel feature. Snowblind first surfaced through Promon partner i-Sprint's discovery and represents a significant shift in attack vectors in that region.

Anthony Pell
Jun 27, 2024

Invisible Intrusions: Analyzing the Clever Concealment of the xz Linux Backdoor

The recent discovery of a backdoor in Linux's xz compression tool has shed light on cybercriminals' ingenious methods of gaining entry and remaining undetected within critical infrastructure foundations. The xz backdoor presents an acute threat to security and system integrity, and its creators leveraged sophisticated methods to remain undetected.

Brittany Day
Jun 26, 2024

Securing WordPress: Combating a Surge in Supply-Chain Backdoor Attacks

Wordfence security researchers recently shed light on an infamous supply chain attack that may have affected as many as 36,000 WordPress websites. Five widely used plugins were infected with malware, which opened a backdoor that allowed attackers to manipulate SEO elements and gain administrative access. This shocking discovery should warn developers, administrators, and website owners about the dangers lurking within software supply chains.

Brittany Day
Jun 25, 2024

RansomHub Unmasked: Protecting Linux Infrastructure Against High-Stakes Ransomware

RansomHub, a Ransomware-as-a-Service (RaaS) platform, has emerged as a significant threat to organizations around the globe. Targeting Windows, Linux, and ESXi systems with malware written in Go and C++ programming languages, RansomHub quickly made waves in the cybercrime landscape.

Brittany Day
Jun 23, 2024

Understanding & Protecting Against the New Noodle RAT Backdoor Threat

A new backdoor, "Noodle RAT" has caused widespread alarm across the cybersecurity landscape. Research highlights this previously undisclosed malware used by Chinese-speaking groups engaged in cybercrime and espionage activities.

Dave Wreski
Jun 11, 2024

Practical Protection Measures Against New Gitloker Attacks Targeting GitHub Repos

Gitloker attacks have emerged with increased frequency in recent weeks, targeting GitHub repositories by wiping them clean of all content before demanding ransom for accessing accounts using stolen user credentials. These attacks threaten to use this stolen data unless an appropriate ransom payment is received.

Brittany Day
Jun 07, 2024

Practical Advice for Protecting Against New TargetCompany Linux Ransomware Variant

Security researchers have recently identified an innovative Linux ransomware variant developed by the TargetCompany ransomware group. This variant targets ESXi environments and uses a custom shell script for payload delivery and execution, something not previously observed by TargetCompany operations.

Anthony Pell
Jun 06, 2024

Kinsing Hacker Group Exploits More Flaws, Expands Cryptojacking Botnet

The Kinsing hacker group, or H2Miner, has been orchestrating illicit cryptocurrency mining campaigns since 2019 and poses a persistent security threat. The group continuously evolves its toolkit by integrating newly disclosed vulnerabilities to expand its botnet.

Dave Wreski
Jun 03, 2024

400k Linux Servers Hacked in Massive Cryptocurrency-Mining Botnet

As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect our systems. Security researchers have identified a massive botnet comprising over 400,000 compromised Linux servers, reinforcing the need to stay alert and implement robust security measures. Let's examine the significance of this discovery and what we can learn from it to protect against future attacks.

Brittany Day
Jun 03, 2024

Gomir Linux Backdoor Deployed by Kimsuky APT in South Korean Cyberattacks

The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its GoBear backdoor called Gomir. The Gomir backdoor is structurally similar to GoBear, leading to concerns within the cybersecurity community. The overlapping code between malware variants raises questions regarding the extent of the threat and the potential implications for targeted organizations. Let's explore the significance of this discovery and its implications for the Linux community so you are better prepared to protect against Gomir and other Linux malware variants.

Brittany Day
May 30, 2024

Akira Ransomware Gang Targets Linux Servers, Extorts $42 Million

The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on Windows systems but later shifted its attention to Linux servers, mainly targeting VMware ESXi virtual machines. The ransomware leverages different methods for initial access to target networks, such as exploiting known flaws in Cisco appliances, spear phishing, and abusing VPN services lacking multi-factor authentication protections. It also utilizes various tools for setting up persistence, privilege escalation, and lateral movement within networks.

Dave Wreski
Apr 19, 2024

Threat Actors Are Actively Using Pupy RAT Malware to Attack Linux Systems

A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been observed. The malware's multifunctional nature is a notable characteristic, striking a chord with Linux admins, infosec professionals, internet security enthusiasts, and sysadmins who are likely familiar with the potential threat of versatile malware.

Brittany Day
Apr 15, 2024

Linux Version of DinodasRAT Raises Serious Security Concerns

A Linux version of the multi-platform backdoor malware called DinodasRAT has been spotted in cyberattacks across several countries. The malware, also known as XDealer, is a C++-based threat that can harvest sensitive data from compromised systems.

Dave Wreski
Mar 31, 2024

Linux Admins Beware: Malvertising Campaign Exploiting PuTTY Puts Security at Risk

A malvertising campaign has been discovered that deploys a fake PuTTY client to deliver the Rhadamanthys stealer, a dangerous malware. The attackers exploit the trust placed in PuTTY as a widely used SSH and Telnet client by presenting a counterfeit website through malicious ads that appear at the top of Google search results. Let's examine this significant security threat targeting Linux admins more deeply, emphasizing the need for heightened vigilance and robust Linux security measures.

Dave Wreski
Mar 25, 2024

Analyzing AcidPour: A New and Evolving Linux Malware Threat

A new variant of the AcidRain Linux malware called AcidPour has been discovered. This malware targets explicitly Linux systems in Ukraine. AcidPour expands upon its predecessor and poses a significant risk to users. Let's examine the importance of this discovery, the implications for admins and security professionals, and measures you can take to protect against threats like AcidPour.

Brittany Day
Mar 19, 2024

New KrustyLoader Backdoor Threatens Linux & Windows Systems

The emergence of the KrustyLoader backdoor, with its variants targeting both Windows and Linux systems, has caught the attention of cybersecurity experts. This critical analysis will delve into the implications of this sophisticated backdoor, raise questions about its long-term consequences, and explore its impact on Linux admins, information security professionals, internet security enthusiasts, and sysadmins.

Anthony Pell
Mar 12, 2024

WogRAT Malware Exploits aNotepad, Targets Linux & Windows Users

The emergence of advanced malware strains presents significant challenges for security practitioners, and the recent discovery of the WogRAT malware is no exception. This article explores the implications of WogRAT's abuse of an online notepad service to store and retrieve malicious payloads.

Dave Wreski
Mar 06, 2024

Millions Of GitHub Repositories Infected With Malicious Code

Security researchers have uncovered a concerning cyberattack campaign that targets developers on GitHub, potentially affecting millions of repositories. This campaign utilizes repo confusion attacks, which exploit human error rather than package manager systems.

Dave Wreski
Mar 04, 2024

Linux Hacks & Cracks

Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies

The Hidden Dangers in Your Dependencies: Responding to Trojanized jQuery Attacks

Exploring Snowblind: A Fresh Take on Android Malware Exploiting seccomp

Discover Hacks/Cracks News

Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies

The Hidden Dangers in Your Dependencies: Responding to Trojanized jQuery Attacks

Exploring Snowblind: A Fresh Take on Android Malware Exploiting seccomp

Invisible Intrusions: Analyzing the Clever Concealment of the xz Linux Backdoor

Securing WordPress: Combating a Surge in Supply-Chain Backdoor Attacks

RansomHub Unmasked: Protecting Linux Infrastructure Against High-Stakes Ransomware

Understanding & Protecting Against the New Noodle RAT Backdoor Threat

Practical Protection Measures Against New Gitloker Attacks Targeting GitHub Repos

Practical Advice for Protecting Against New TargetCompany Linux Ransomware Variant

Kinsing Hacker Group Exploits More Flaws, Expands Cryptojacking Botnet

400k Linux Servers Hacked in Massive Cryptocurrency-Mining Botnet

Gomir Linux Backdoor Deployed by Kimsuky APT in South Korean Cyberattacks

Akira Ransomware Gang Targets Linux Servers, Extorts $42 Million

Threat Actors Are Actively Using Pupy RAT Malware to Attack Linux Systems

Linux Version of DinodasRAT Raises Serious Security Concerns

Linux Admins Beware: Malvertising Campaign Exploiting PuTTY Puts Security at Risk

Analyzing AcidPour: A New and Evolving Linux Malware Threat

New KrustyLoader Backdoor Threatens Linux & Windows Systems

WogRAT Malware Exploits aNotepad, Targets Linux & Windows Users

Millions Of GitHub Repositories Infected With Malicious Code

LinuxSecurity Poll

Which open source security automation tool do you use to protect against vulnerabilities?

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By