Pierluigi Paganini
October 04, 2022
Researchers link recently discovered Linux ransomware Cheerscrypt to the China-linked cyberespionage group DEV-0401. Researchers at cybersecurity firm Sygnia attributed the recently discovered Linux ransomware Cheerscrypt to the China-linked cyber espionage group Bronze Starlight (aka DEV-0401, APT10) Bronze Starlight, has been active since mid-2021, in June researchers from Secureworks reported that the APT group is deploying […]
Pierluigi Paganini
August 22, 2022
Researchers shared details of an eight-year-old flaw dubbed DirtyCred, defined as nasty as Dirty Pipe, in the Linux kernel. Researchers from Northwestern University (Zhenpeng Lin | PhD Student,Yuhang Wu | PhD Student, Xinyu Xing | Associate Professor) disclosed an eight-year-old security vulnerability in the Linux kernel, dubbed DirtyCred, which they defined “as nasty as Dirty Pipe.” The Dirty Pipe flaw, tracked […]
Pierluigi Paganini
August 15, 2022
Security Researchers discovered a new PyPI Package designed to drop fileless cryptominer to Linux systems. Sonatype researchers have discovered a new PyPI package named ‘secretslib‘ that drops fileless cryptominer to the memory of Linux machine systems. The package describes itself as “secrets matching and verification made easy,” it has a total of 93 downloads since […]
Pierluigi Paganini
July 21, 2022
Researchers discovered a previously undetected malware dubbed ‘Lightning Framework’ that targets Linux systems. Researchers from Intezer discovered a previously undetected malware, tracked as Lightning Framework, which targets Linux systems. The malicious code has a modular structure and is able to install rootkits. “Lightning Framework is a new undetected Swiss Army Knife-like Linux malware that has […]
Pierluigi Paganini
July 07, 2022
Cybersecurity researchers warn of new malware, tracked as OrBit, which is a fully undetected Linux threat. Cybersecurity researchers at Intezer have uncovered a new Linux malware, tracked as OrBit, that is still undetected. The malware can be installed as a volatile implant either by achieving persistence on the compromised systems. The malware implements advanced evasion […]
Pierluigi Paganini
June 14, 2022
Experts spotted a new Linux rootkit, dubbed ‘Syslogk,’ that uses specially crafted “magic packets” to activate a dormant backdoor on the device. Researchers from antivirus firm Avast spotted a new Linux rootkit, dubbed ‘Syslogk,’ that uses specially crafted “magic packets” to activate a dormant backdoor on the device. The experts reported that the Syslogk rootkit is heavily […]
Pierluigi Paganini
May 20, 2022
Microsoft researchers have observed a spike in the activity of the Linux bot XorDdos over the last six months. XORDDoS, also known as XOR.DDoS, first appeared in the threat landscape in 2014 it is a Linux Botnet that was employed in attacks against gaming and education websites with massive DDoS attacks that reached 150 gigabytes per second […]
Pierluigi Paganini
April 27, 2022
Microsoft disclosed two Linux privilege escalation flaws, collectively named Nimbuspwn, that could allow conducting various malicious activities. The Microsoft 365 Defender Research Team has discovered two Linux privilege escalation flaws (tracked as CVE-2022-29799 and CVE-2022-29800) called “Nimbuspwn,” which can be exploited by attackers to conduct various malicious activities, including the deployment of malware. “The vulnerabilities […]
Pierluigi Paganini
March 08, 2022
Dirty Pipe is a Linux vulnerability, tracked as CVE-2022-0847, that can allow local users to gain root privileges on all major distros. Security expert Max Kellermann discovered a Linux flaw, dubbed Dirty Pipe and tracked as CVE-2022-0847, that can allow local users to gain root privileges on all major distros. The vulnerability affects Linux Kernel […]
Pierluigi Paganini
March 06, 2022
A Linux kernel flaw, tracked as CVE-2022-0492, can allow an attacker to escape a container to execute arbitrary commands on the container host. A now-patched high-severity Linux kernel vulnerability, tracked as CVE-2022-0492 (CVSS score: 7.0), can be exploited by an attacker to escape a container to execute arbitrary commands on the container host. The issue is […]
