Pierluigi Paganini June 06, 2024
A new Linux version of TargetCompany ransomware targets VMware ESXi environments

A new Linux variant of the TargetCompany ransomware family targets VMware ESXi environments using a custom shell script. A new variant of the TargetCompany ransomware group uses a custom shell script as a means of payload delivery and execution, this is the first time the technique was observed in the wild. The script was also used […]

Pierluigi Paganini May 30, 2024
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The vulnerability CVE-2024-24919 is a Quantum Gateway information disclosure issue. Threat actors exploited the flaw to gain remote firewall access […]

Pierluigi Paganini May 19, 2024
North Korea-linked Kimsuky used a new Linux backdoor in recent attacks

Symantec warns of a new Linux backdoor used by the North Korea-linked Kimsuky APT in a recent campaign against organizations in South Korea.  Symantec researchers observed the North Korea-linked group Kimsuky using a new Linux backdoor dubbed Gomir. The malware is a version of the GoBear backdoor which was delivered in a recent campaign by […]

Pierluigi Paganini April 17, 2024
Linux variant of Cerber ransomware targets Atlassian servers

Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of October 2023, Atlassian warned of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server. The vulnerability is an improper authorization issue that can lead to […]

Pierluigi Paganini March 31, 2024
DinodasRAT Linux variant targets users worldwide

A Linux variant of the DinodasRAT backdoor used in attacks against users in China, Taiwan, Turkey, and Uzbekistan, researchers from Kaspersky warn. Researchers from Kaspersky uncovered a Linux version of a multi-platform backdoor DinodasRAT that was employed in attacks targeting China, Taiwan, Turkey, and Uzbekistan. DinodasRAT (aka XDealer) is written in C++ and supports a broad range of capabilities to […]

Pierluigi Paganini March 30, 2024
Expert found a backdoor in XZ tools used many Linux distributions

Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions. Red Hat urges users to immediately stop using systems running Fedora development and experimental versions because of a backdoor in the latest versions of the “xz” tools and libraries. Red Hat Information Risk and Security and Red […]

Pierluigi Paganini March 04, 2024
New Linux variant of BIFROSE RAT uses deceptive domain strategies

A new Linux variant of the remote access trojan (RAT) BIFROSE (aka Bifrost) uses a deceptive domain mimicking VMware. Palo Alto Networks Unit 42 researchers discovered a new Linux variant of Bifrost (aka Bifrose) RAT that uses a deceptive domain (download.vmfare[.]com) that mimics the legitimate VMware domain. The Bifrost RAT has been active since 2004, […]

Pierluigi Paganini February 14, 2024
Abusing the Ubuntu ‘command-not-found’ utility to install malicious packages

Researchers reported that attackers can exploit the ‘command-not-found’ utility to trick users into installing rogue packages on Ubuntu systems. Cybersecurity researchers from cloud security firm Aqua discovered that it is possible to abuse, the popular utility ‘called ‘command-not-found’ that can lead to deceptive recommendations of malicious packages. “Aqua Nautilus researchers have identified a security issue […]

Pierluigi Paganini February 07, 2024
Critical shim bug impacts every Linux boot loader signed in the past decade

The maintainers of Shim addressed six vulnerabilities, including a critical flaw that could potentially lead to remote code execution. The maintainers of ‘shim’ addressed six vulnerabilities with the release of version 15.8. The most severe of these vulnerabilities, tracked as CVE-2023-40547 (CVSS score: 9.8), can lead to remote code execution under specific circumstances. The vulnerability CVE-2023-40547 is […]

Pierluigi Paganini January 30, 2024
Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

Qualys researchers discovered a root access flaw, tracked as CVE-2023-6246, in GNU Library C (glibc) affecting multiple Linux distributions. The Qualys Threat Research Unit discovered four security vulnerabilities in the GNU Library C (glibc), including a heap-based buffer overflow tracked as CVE-2023-6246. GNU C Library (glibc) is a free software library that provides essential system […]