Linux Hacks & Cracks

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions

New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone was the recent discovery of Bootkitty, the first known UEFI bootkit explicitly designed to target ...
Dec 02, 2024
  0

Perfctl Unveiled: Risks, Detection, and Proactive Defense Measures

Security researchers have discovered a sophisticat...
Nov 26, 2024
  0
28.Lock Globe Esm H115

Unveiling the WolfsBane Backdoor: Gelsemium's Linux Variant of Gelsevirine

WolfsBane, the latest Linux variant of the Gelsevirine ...
Nov 25, 2024
  0
31.Lock DigitalRoom Esm H115

Discover Hacks/Cracks News

Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions

Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone was the recent discovery of Bootkitty, the first known UEFI bootkit explicitly designed to target Linux systems, unlike many of those targeting Windows systems in recent years. Bootkitty's appearance illustrates a crucial shift as its prevalence underscores an ever-increasing sophistication and diversity of threats facing Linux administrators and infosec professionals, signaling an urgent need for tailored defenses to protect these environments.

Unveiling the WolfsBane Backdoor: Gelsemiums Linux Variant of Gelsevirine

Unveiling the WolfsBane Backdoor: Gelsemium's Linux Variant of Gelsevirine

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

WolfsBane, the latest Linux variant of the Gelsevirine backdoor, marks a historic turning point in cybersecurity. Attributed to the Gelsemium advanced persistent threat (APT) group, this Linux-based threat broadened their focus from being exclusively Windows-centric since 2014. With sophisticated cyber espionage campaigns by this APT group dating back to 2014, this recent shift to targeting Linux systems is an alarming move considering Linux's widespread deployment across critical infrastructure environments and enterprises.

CRON#TRAP Exposed: Innovative Malware in Emulated Linux Systems

CRON#TRAP Exposed: Innovative Malware in Emulated Linux Systems

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Security threats continue to emerge from every corner of the cyber universe, with malicious actors constantly innovating new techniques to breach systems and remain undetected. One such creative attack is an emerging campaign dubbed "CRON#TRAP," which uses emulated Linux environments to execute malicious commands stealthily.

Mitigating Akira Ransomware Risks: Essential Recommendations for Network Security

Mitigating Akira Ransomware Risks: Essential Recommendations for Network Security

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Cisco Talos' recent discovery of a Rust variant of the Akira ransomware targeting ESXi servers demonstrates how quickly modern cyber threats evolve. Akira ransomware is one of the most formidable. According to their research, Its operators have continuously developed their tactics, techniques, and procedures (TTPs), solidifying their position as notorious adversaries.

Unmasking Cicada3301: Inside the Operations of a Notorious RaaS Network

Unmasking Cicada3301: Inside the Operations of a Notorious RaaS Network

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Recent advancements by cybersecurity researchers have shed additional light on Cicada3301, an emerging and formidable ransomware-as-a-service (RaaS) threat. Thanks to an analysis conducted by Group-IB researchers who gained access to its affiliate panel on the dark web, a deeper understanding of Cicada3301's operations, targets, and potential effects on the cyber threat landscape has been achieved, enabling businesses to prepare themselves for this emerging risk more effectively.

The Infiltration of Supply Chain Attacks in Open-Source Software Management

The Infiltration of Supply Chain Attacks in Open-Source Software Management

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Open-source projects are renowned for their collaborative nature and widespread adoption, yet more sophisticated supply chain attacks target them than ever. Checkmarx researchers recently identified that malicious actors are exploiting entry points into popular package ecosystems such as PyPI (Python's package index) and npm (Node.js package manager) to Trojanize command-line interface (CLI) commands from running.

Protecting Apache2: Insights into a New Linux Malware Threat

Protecting Apache2: Insights into a New Linux Malware Threat

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Elastic researchers recently identified an advanced Linux malware campaign targeting Apache2 web servers, underscoring the need for sysadmins and cybersecurity specialists to be increasingly aware of the growing Linux malware threat. Constant vigilance in cybersecurity is necessary to guard systems from emerging attacks, especially as cyber threats continue to advance and become more challenging to detect.

TeamTNT Hackers Attacking VPS Servers Running CentOS

TeamTNT Hackers Attacking VPS Servers Running CentOS

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Security researchers have recently observed an alarming resurgence of TeamTNT, a notorious hacking group known for targeting cloud infrastructures. Their latest campaign zeroes in on Virtual Private Server (VPS) environments running CentOS, particularly version 7.

Defend Against Double-Extortion Ransomware Targeting Linux Systems

Defend Against Double-Extortion Ransomware Targeting Linux Systems

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

As cybersecurity evolves, so too has its threats. Symantec recently identified an emerging threat aimed at Linux systems. This new type of ransomware (called double extortion by its creators) encrypts files and exfiltrates and holds onto data, demanding ransom payments in return. Such sophisticated cybercriminal tactics highlight their audacity while attacking many enterprise and cloud environments - an audacious move by cybercriminals targeting such essential infrastructure as server farms.

Essential Strategies for Linux Admins to Defend Against Trojanized jQuery Attacks

Essential Strategies for Linux Admins to Defend Against Trojanized jQuery Attacks

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Security professionals and system administrators face growing cyber threats in today's digital environment, making defending systems increasingly challenging. A recent discovery by Phylum revealed a sophisticated large-scale operation targeting Node Package Manager (npm), GitHub repositories, and Content Delivery Networks (CDNs) via trojanized versions of the jQuery JavaSecript library.

Understanding Snowblind: New Seccomp Exploitation Threatening Android Security

Understanding Snowblind: New Seccomp Exploitation Threatening Android Security

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Cybersecurity threats continue to emerge regularly, and Promon's security team recently identified one such novel threat, Snowblind. This malware targets Android apps used for banking apps in Southeast Asia using an unconventional exploit method involving seccomp, a Linux kernel feature. Snowblind first surfaced through Promon partner i-Sprint's discovery and represents a significant shift in attack vectors in that region.

Securing WordPress Against Supply-Chain Attacks: Practical Strategies and Insights

Securing WordPress Against Supply-Chain Attacks: Practical Strategies and Insights

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Wordfence security researchers recently shed light on an infamous supply chain attack that may have affected as many as 36,000 WordPress websites. Five widely used plugins were infected with malware, which opened a backdoor that allowed attackers to manipulate SEO elements and gain administrative access. This shocking discovery should warn developers, administrators, and website owners about the dangers lurking within software supply chains.

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved