Thank you for reading our Linux Security Week newsletter! In this weekly newsletter, we strive to provide readers with a comprehensive overview of the week's most relevant open source security news. We want to provide you with the type of content you are interested in, and would love to hear your thoughts on this week's articles.
Fileless Malware on Linux: Anatomy of an Attack - This article will provide you with answers to these questions by honing in on the anatomy of a Linux fileless malware attack - equipping you with the knowledge necessary to secure your systems and your data against this stealthy and malicious threat. Let’s begin by exploring the concept of fileless malware.
The Linux Mint project has patched a security flaw discovered by two kids that could have allowed a threat actor to bypass the OS screensaver and its password and access locked desktops. Linux Mint is now working on adding a setting that will let users disable the on-screen keyboard, which would make mitigating future bugs in this component easier until patches are generally available.
Security researchers have discovered a set of seven vulnerabilities in dnsmasq - a utility used in many Linux-based systems, especially routers and other IoT devices, to provide DNS services - which allow attackers to redirect users or execute malicious code. This dangerous set of flaws has been named DNSpooq. Patch dnsmasq now!
Until now, users on the same Ubuntu system could access and read the files in the home directory of other users. This is changing from Ubuntu 21.04 - adding a layer of security and privacy to Ubuntu systems.
OpenWRT has disclosed a data breach that occurred after a malicious hacker gained access to a forum admin account. The OpenWRT wiki, which contains the official download links, was not compromised, the project said.
Researchers are tracking a new botnet dubbed "FreakOut" that's targeting vulnerabilities in Linux systems. Botnet operators have been mass-scanning for vulnerable Linux devices, and the command-and-control server associated with FreakOut has now targeted several hundred vulnerable devices.
Thank you to the GeoIP team for sharing their project with us. Have a similar open-source security project that you think the LinuxSecurity audience would be interested in learning about? Please do not hesitate to reach out!
The recently discovered DreamBus botnet uses exploits and brute-force attacks to target PostgreSQL, Redis, SaltStack, Hadoop, Spark, and others enterprise-level apps that run on Linux systems. "The idea is to give the DreamBus gang a foothold on a Linux server where they could later download and install an open-source app that mines the Monero (XMR) cryptocurrency to generate profits for the attackers."
The Dovecat Monero-mining malware doesn't steal data, but it consumes large amounts of CPU and memory. This is the latest threat faced by QNAP customers - after research published in July 2020 identified that tens of thousands of NAS drives are potentially vulnerable to malware that prevents administrators from applying patches.