Hacks/Cracks - Page 6.4
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.
Protect your Linux servers from XorDdos, a botnet scanning the internet for SSH servers with weak passwords, Microsoft warns.
A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years.
Researchers have uncovered a highly-evasive Chinese surveillance tool using the Berkeley Packet Filter (BPF). The malware, dubbed BPFDoor, is present on “thousands” of Linux systems, its controller has gone almost completely unnoticed by endpoint protection vendors despite it being in use for at least five years.
The Hive ransomware operation has converted their VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victim's ransom negotiations.
A new Linux botnet, B1txor20, that targets Arm and 64-bit x86 systems shows log4j isn't going away any time soon.
eCommerce servers are being targeted with remote access malware that hides on Nginx servers in a way that makes it virtually invisible to security solutions. “NginRAT essentially hijacks a host Nginx application to stay undetected. To do that, NginRAT modifies core functionality of the Linux host system. When the legitimate Nginx web server uses such functionality (eg dlopen), NginRAT intercepts it to inject itself.”
Security researchers have discovered a Linux-based remote access trojan (RAT) that uses an unusual stealth technique to remain out of sight from security products. The malware, dubbed CronRat, hides in the calendar subsystem of Linux servers (“cron”) on a non-existent day, 31 February, according to a blog post by security researchers at Sansec.
Attackers are deploying a Linux backdoor on compromised e-commerce servers after injecting a credit card skimmer into online shops' websites.
The stealthy LightBasin hacking group (also known as UNC1945) is infiltrating telecommunications companies around the world in a campaign that researchers have linked to intelligence gathering and cyber espionage. LightBasin's primary focus is on Linux and Solaris servers that are critical for running telecommunications infrastructure – and are likely to have less security measures in place than Windows systems.
Multiple malicious packages have been identified on the npm registry this month. These packages disguise themselves as legitimate JavaScript libraries, but have been caught launching cryptominers on Linux, Windows and MacOS machines.
The newly discovered FontOnLake malware family delivers backdoor and rootkit components to infect Linux systems concealed in legitimate binaries.
It has been discovered that the RansomExx ransomware gang does not correctly lock Linux files during encryption, leading to potentially corrupted files.
The new Capoae Go malware, which targets WordPress installs and Linux systems, highlights the increase of cyberattacks designed to deploy cryptocurrency-mining payloads.
Hackers have developed a Linux port of the Cobalt Strike penetration testing toolkit dubbed Vermilion Strike to evade malware detection.
The HolesWarm botnet cryptominer has already compromised 1,000-plus clouds since June.
The BlackMatter gang has joined the ranks of ransomware operations to develop a Linux encryptor that targets VMware's ESXi virtual machine platform. As more businesses move to this type of platform for their servers, we expect to continue to see ransomware developers focus primarily on Windows machines - but also create a dedicated Linux encryptor targeting ESXi.
The Uptycs Threat Research team outlines how malicious Linux shell scripts are used to cloak attacks and how defenders can detect these threats and mitigate their risk of suffering an attack.
Hackers are turning coding languages such as Go, Rust, Nim and DLang into next-gen malware targeting Linux and Windows systems, enabling them to avoid signature detection and add layers of obfuscation.
The infamous cross-platform LemonDuck crypto-mining malware has continued to refine and improve upon its techniques to strike both Linux and Windows OSes by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns.
Sign up to get the latest security news affecting Linux and
open source delivered straight to your inbox
Powered By
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.