Stay Ahead With Linux Security News
Explore Latest Linux Security news

Emerging Mallox Ransomware Targets Linux: Mitigation and Strategies

A new variant of the Mallox ransomware, which traditionally targeted Windows systems, has been observed targeting Linux environments. This strain is based on the leaked source code of the Kryptina ransomware. To help you understand this emerging threat and take proactive measures to secure your Linux systems against it, I'll explore its operational tactics and the role the leaked Kryptina source code played in its development. I'll then provide practical mitigation strategies you can implement to safeguard your systems and your data.

Can you imagine suffering an attack and losing access to your critical systems and sensitive information? Ransomware prevention is far better than remediation! Let's look at how to stay ahead of attackers and prepare for this new and concerning threat.

Understanding The Threat Landscape

Mallox ransomware, also known as TargetCompany, has evolved significantly over time. Traditionally, it targeted Windows operating systems, causing considerable disruptions. However, recent findings by SentinelLabs have revealed that an affiliate of the Mallox ransomware operation is now targeting Linux systems using a slightly modified version of the Kryptina ransomware. This shift indicates a broadened attack surface for the ransomware, which now includes Linux and VMware ESXi systems. This evolution in targeting marks a significant progression for the Mallox operation, widening the potential victim base and posing a new set of challenges for sysadmins and cybersecurity professionals running Linux systems.

How Does Mallox Ransomware Operate?

The core mechanics of the new Mallox Linux variant are built on the Kryptina ransomware's source code. Launched in late 2023 as a low-cost ransomware-as-a-service (RaaS) platform for Linux systems, Kryptina failed to gain substantial traction within the cybercrime community. However, its purported administrator, "Corlys," leaked its source code on hacking forums in February 2024. This leak allowed any ransomware actor to put a functional Linux variant to malicious use.

Encryption Mechanism and Deployment

[Image: Kryptina source code on an exposed server (source: SentinelLabs)]

The new Mallox variant, "Mallox Linux 1.0," employs the same AES-256-CBC encryption mechanism used by Kryptina and identical decryption routines. It uses a command-line builder and configuration parameters and retains the core functionality found in Kryptina. The most notable modification made by the Mallox affiliate was rebranding: they changed the name and appearance, removed references to Kryptina, and carried the existing documentation over in a simplified form.

Operational Tactics

In addition to the ransomware, SentinelLabs discovered various tools on the threat actors' servers that complement their operational tactics. These include:

- A legitimate Kaspersky password reset tool (KLAPR.BAT)
- An exploit for CVE-2024-21338, a privilege escalation flaw on Windows 10 and 11
- Privilege escalation PowerShell scripts
- Java-based Mallox payload droppers
- Disk image files containing Mallox payloads
- Data folders for 14 potential victims

These tools suggest that the threat actors can escalate privileges on compromised systems, deploy ransomware payloads effectively, and target multiple victims.

Examining the Role of Leaked Kryptina Source Code in Mallox Ransomware Attacks

The leaked Kryptina source code was crucial in developing the Mallox Linux variant. By leveraging this code, the Mallox affiliate was able to rapidly rebrand and repurpose an existing ransomware framework to target Linux systems, significantly reducing development time and cost. The emergence of this Mallox variant underscores the broader problem of leaked malware source code, which accelerates the proliferation of new variants and enables even less sophisticated threat actors to launch damaging attacks.

Mitigation Strategies for Linux Admins

For system administrators looking to secure their environments against Mallox ransomware and similar threats, we recommend the following mitigation strategies:

- Regular Backups: Implement regular backups of all critical data. Use a combination of on-site and off-site backups to mitigate the risk of data loss. Regularly test your backups to ensure they can be restored successfully.
- Patch Management: Immediately apply patches and updates to all systems and software, especially those addressing known vulnerabilities. Employ automated patch management tools to streamline this process.
- Network Segmentation: Divide your network into segments to isolate critical systems and limit the spread of ransomware. Use VLANs and access control lists (ACLs) to enforce network segmentation.
- User Training: Educate users about the risks of ransomware and phishing attacks. Conduct regular training sessions to ensure employees recognize and report suspicious emails and links.
- Access Controls: Follow the least privilege principle by restricting user permissions to only what is necessary for their role. Implement multi-factor authentication (MFA) to add an extra layer of security.
- Intrusion Detection and Prevention: Use intrusion detection and prevention systems to monitor network traffic for malicious activity. Configure these systems to alert on and block detected threats.
- Incident Response Plan: Develop and regularly update an incident response plan. Ensure all team members understand their roles and responsibilities during a ransomware attack.
- Endpoint Security: Deploy comprehensive endpoint security solutions that include antivirus, anti-malware, and behavioral analysis technologies to detect and prevent ransomware.

Our Final Thoughts on Combating Mallox Ransomware

The emergence of the new Mallox ransomware Linux variant is yet another prime example of the continuous evolution of the ransomware threat landscape. By leveraging leaked Kryptina source code, threat actors have adapted their tactics to target Linux systems, expanding their potential victim base. System administrators must implement robust mitigation strategies to protect their Linux environments against this growing threat. Regular backups, patch management, network segmentation, user training, access controls, intrusion detection, incident response planning, and endpoint security are crucial components of a comprehensive defense-in-depth strategy. By staying vigilant and proactive, admins and organizations can better secure their systems and minimize the risk of a Mallox ransomware attack.

Tags: Mallox Ransomware, Linux Security, Ransomware Prevention, Cyber Threats, Kryptina Code

Sep 24, 2024 | Brittany Day | Hacks/Cracks

Operation Shady RAT: HTran and Its Role in Advanced Threats

The advanced persistent threat (APT) attackers behind the newly revealed Operation Shady RAT also deployed a tool called HTran that helps disguise their location. Joe Stewart, director of malware research for Dell SecureWorks' Counter Threat Unit research team, who has been studying some 60 different families of malware used by APT attackers in their cyberespionage attacks, recently discovered a pattern in which many of these attackers use this tool, written 10 years ago by a Chinese hacker, to hide their whereabouts. Stewart, who published research today on HTran use in APT malware, said the Operation Shady RAT attackers are among those who use the tool for camouflaging purposes.

The link for this article, located at Information Week, is no longer available.

Tags: APT Attacks, HTran Analysis, Malware Research, Cybersecurity Insights

Aug 04, 2011 | Anthony Pell | Organizations/Events
