Linux Hacks & Cracks
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
U.S. authorities are on high alert as they investigate an alleged Chinese state-sponsored hack targeting major U.S. telecommunications companies. This attack has reignited debate about encryption backdoors, an ongoing contention among security practitioners.
As malware threats evolve to increasingly target Linux systems, admins and organizations must stay up-to-date on the latest Linux malware variants and strategies for detecting and preventing attacks. Security researcher HaxRob recently discovered a new Linux variant of the FASTCash malware, which targets payment switches to enable unauthorized ATM withdrawals.
Open-source projects are renowned for their collaborative nature and widespread adoption, yet more sophisticated supply chain attacks target them than ever. Checkmarx researchers recently identified that malicious actors are exploiting entry points into popular package ecosystems such as PyPI (Python's package index) and npm (Node.js package manager) to Trojanize command-line interface (CLI) commands from running.
Security researchers have discovered a sophisticated strain of malware targeting Linux servers dubbed Perfctl. Its dual purpose is mining cryptocurrency and proxyjacking.
Elastic researchers recently identified an advanced Linux malware campaign targeting Apache2 web servers, underscoring the need for sysadmins and cybersecurity specialists to be increasingly aware of the growing Linux malware threat. Constant vigilance in cybersecurity is necessary to guard systems from emerging attacks, especially as cyber threats continue to advance and become more challenging to detect.
A new variant of the Mallox ransomware, which traditionally targeted Windows systems, has been observed targeting Linux environments. This ransomware strain is based on the leaked source code of the Kryptina ransomware.
Security researchers have recently observed an alarming resurgence of TeamTNT, a notorious hacking group known for targeting cloud infrastructures. Their latest campaign zeroes in on Virtual Private Server (VPS) environments running CentOS, particularly version 7.
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called Cicada3301, which some experts believe has links with BlackCat (aka ALPHV) due to similarities in operations. Cicada3301 is a Rust-based ransomware that targets Windows and Linux/ESXi hosts.
As cybersecurity evolves, so too has its threats. Symantec recently identified an emerging threat aimed at Linux systems. This new type of ransomware (called double extortion by its creators) encrypts files and exfiltrates and holds onto data, demanding ransom payments in return. Such sophisticated cybercriminal tactics highlight their audacity while attacking many enterprise and cloud environments - an audacious move by cybercriminals targeting such essential infrastructure as server farms.
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This development represents a significant evolution of ransomware strategies, and admins and businesses must understand these threats to implement effective defenses against them.
Security professionals and system administrators face growing cyber threats in today's digital environment, making defending systems increasingly challenging. A recent discovery by Phylum revealed a sophisticated large-scale operation targeting Node Package Manager (npm), GitHub repositories, and Content Delivery Networks (CDNs) via trojanized versions of the jQuery JavaSecript library.
Cybersecurity threats continue to emerge regularly, and Promon's security team recently identified one such novel threat, Snowblind. This malware targets Android apps used for banking apps in Southeast Asia using an unconventional exploit method involving seccomp, a Linux kernel feature. Snowblind first surfaced through Promon partner i-Sprint's discovery and represents a significant shift in attack vectors in that region.
The recent discovery of a backdoor in Linux's xz compression tool has shed light on cybercriminals' ingenious methods of gaining entry and remaining undetected within critical infrastructure foundations. The xz backdoor presents an acute threat to security and system integrity, and its creators leveraged sophisticated methods to remain undetected.
Wordfence security researchers recently shed light on an infamous supply chain attack that may have affected as many as 36,000 WordPress websites. Five widely used plugins were infected with malware, which opened a backdoor that allowed attackers to manipulate SEO elements and gain administrative access. This shocking discovery should warn developers, administrators, and website owners about the dangers lurking within software supply chains.
RansomHub, a Ransomware-as-a-Service (RaaS) platform, has emerged as a significant threat to organizations around the globe. Targeting Windows, Linux, and ESXi systems with malware written in Go and C++ programming languages, RansomHub quickly made waves in the cybercrime landscape.
A new backdoor, "Noodle RAT" has caused widespread alarm across the cybersecurity landscape. Research highlights this previously undisclosed malware used by Chinese-speaking groups engaged in cybercrime and espionage activities.
Gitloker attacks have emerged with increased frequency in recent weeks, targeting GitHub repositories by wiping them clean of all content before demanding ransom for accessing accounts using stolen user credentials. These attacks threaten to use this stolen data unless an appropriate ransom payment is received.
Security researchers have recently identified an innovative Linux ransomware variant developed by the TargetCompany ransomware group. This variant targets ESXi environments and uses a custom shell script for payload delivery and execution, something not previously observed by TargetCompany operations.
The Kinsing hacker group, or H2Miner, has been orchestrating illicit cryptocurrency mining campaigns since 2019 and poses a persistent security threat. The group continuously evolves its toolkit by integrating newly disclosed vulnerabilities to expand its botnet.
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect our systems. Security researchers have identified a massive botnet comprising over 400,000 compromised Linux servers, reinforcing the need to stay alert and implement robust security measures. Let's examine the significance of this discovery and what we can learn from it to protect against future attacks.