Linux Hacks & Cracks

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions

New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone was the recent discovery of Bootkitty, the first known UEFI bootkit explicitly designed to target ...
Jan 17, 2025
  0

Navigating The Rising Threat of Zero-Day Rootkits in Linux Environments

Since Linux has become such an indispensable backbone o...
Jan 14, 2025
  0
11.Locks IsometricPattern Esm H115

New Interlock Ransomware Targets Critical Linux Infrastructure, FreeBSD Servers

The recent emergence of the Interlock ransomware group ...
Dec 26, 2024
  0
34.Key AbstractDigital Esm H115

Discover Hacks/Cracks News

Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions

Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone was the recent discovery of Bootkitty, the first known UEFI bootkit explicitly designed to target Linux systems, unlike many of those targeting Windows systems in recent years. Bootkitty's appearance illustrates a crucial shift as its prevalence underscores an ever-increasing sophistication and diversity of threats facing Linux administrators and infosec professionals, signaling an urgent need for tailored defenses to protect these environments.

igating The Rising Threat of Zero-Day Rootkits in Linux Environments

Navigating The Rising Threat of Zero-Day Rootkits in Linux Environments

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Since Linux has become such an indispensable backbone of servers, embedded systems, and IoT devices across industries, its attractiveness as a target of sophisticated cyber threats has increased substantially. Recently, Fortinet researchers made headlines when they unearthed an advanced rootkit malware preying on Linux systems by exploiting zero-day vulnerabilities to gain control and avoid detection - an alarming discovery for us admins responsible for safeguarding against evolving threats to secure their Linux environments.

New Interlock Ransomware Targets Critical Linux Infrastructure, FreeBSD Servers

New Interlock Ransomware Targets Critical Linux Infrastructure, FreeBSD Servers

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The recent emergence of the Interlock ransomware group has put Linux security admins on high alert, particularly those overseeing FreeBSD servers. Launched in late September 2024, Interlock sets itself apart by employing a custom-built encryptor designed specifically for FreeBSD, making it a significant threat for organizations relying on this operating system due to its prevalence in critical infrastructure. With six confirmed attacks, including a notable incident in Wayne County, Michigan, the ransomware's impact is already palpable.

LockBit 4.0 Warning: Enhancing Linux Defenses Against Evolving Ransomware

LockBit 4.0 Warning: Enhancing Linux Defenses Against Evolving Ransomware

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

LockBit ransomware group recently made headlines when they revealed their upcoming version, LockBit 4.0, signaling an imminent increase in sophisticated cyberattacks against Linux systems and VMware ESXi infrastructure. This announcement serves as a wake-up call for Linux security admins to fortify defenses against potential incursions with proactive strategies for protecting their systems against ransomware attacks.

MUT-1244: The Latest Threat To Your Sensitive Credentials

MUT-1244: The Latest Threat To Your Sensitive Credentials

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In recent months, Linux security administrators and WordPress site owners have encountered a formidable adversary: MUT-1244. This threat actor has been unleashing havoc by targeting academics, penetration testers, red teamers, security researchers, and other threat actors. MUT-1244's primary goal is to acquire sensitive data, including AWS access keys and WordPress account credentials.

Combating the Surge in WordPress Supply-Chain Backdoors

Combating the Surge in WordPress Supply-Chain Backdoors

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Wordfence security researchers recently shed light on an infamous supply chain attack that may have affected as many as 36,000 WordPress websites. Five widely used plugins were infected with malware, which opened a backdoor that allowed attackers to manipulate SEO elements and gain administrative access. This shocking discovery is a necessary warning to developers, administrators, and website owners about the dangers lurking within software supply chains.

Decoding PUMAKIT: A Deep Dive into Multi-Stage Malware and Advanced Evasion Techniques in Linux

Decoding PUMAKIT: A Deep Dive into Multi-Stage Malware and Advanced Evasion Techniques in Linux

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The recently discovered PUMAKIT loadable kernel module (LKM) rootkit stands out as an advanced example of multi-stage malware, operating over multiple stages to avoid detection and establish control on targeted systems. It does not simply plant malicious software; instead. It involves an intricate web of activities starting with droppers, memory executables, and rootkits before finally arriving at its final goal - complete control.

Unveiling the WolfsBane Backdoor: Gelsemiums Linux Variant of Gelsevirine

Unveiling the WolfsBane Backdoor: Gelsemium's Linux Variant of Gelsevirine

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

WolfsBane, the latest Linux variant of the Gelsevirine backdoor, marks a historic turning point in cybersecurity. Attributed to the Gelsemium advanced persistent threat (APT) group, this Linux-based threat broadened their focus from being exclusively Windows-centric since 2014. With sophisticated cyber espionage campaigns by this APT group dating back to 2014, this recent shift to targeting Linux systems is an alarming move considering Linux's widespread deployment across critical infrastructure environments and enterprises.

CRON#TRAP Exposed: Innovative Malware in Emulated Linux Systems

CRON#TRAP Exposed: Innovative Malware in Emulated Linux Systems

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Security threats continue to emerge from every corner of the cyber universe, with malicious actors constantly innovating new techniques to breach systems and remain undetected. One such creative attack is an emerging campaign dubbed "CRON#TRAP," which uses emulated Linux environments to execute malicious commands stealthily.

Mitigating Akira Ransomware Risks: Essential Recommendations for Network Security

Mitigating Akira Ransomware Risks: Essential Recommendations for Network Security

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Cisco Talos' recent discovery of a Rust variant of the Akira ransomware targeting ESXi servers demonstrates how quickly modern cyber threats evolve. Akira ransomware is one of the most formidable. According to their research, Its operators have continuously developed their tactics, techniques, and procedures (TTPs), solidifying their position as notorious adversaries.

Unmasking Cicada3301: Inside the Operations of a Notorious RaaS Network

Unmasking Cicada3301: Inside the Operations of a Notorious RaaS Network

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Recent advancements by cybersecurity researchers have shed additional light on Cicada3301, an emerging and formidable ransomware-as-a-service (RaaS) threat. Thanks to an analysis conducted by Group-IB researchers who gained access to its affiliate panel on the dark web, a deeper understanding of Cicada3301's operations, targets, and potential effects on the cyber threat landscape has been achieved, enabling businesses to prepare themselves for this emerging risk more effectively.

The Infiltration of Supply Chain Attacks in Open-Source Software Management

The Infiltration of Supply Chain Attacks in Open-Source Software Management

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Open-source projects are renowned for their collaborative nature and widespread adoption, yet more sophisticated supply chain attacks target them than ever. Checkmarx researchers recently identified that malicious actors are exploiting entry points into popular package ecosystems such as PyPI (Python's package index) and npm (Node.js package manager) to Trojanize command-line interface (CLI) commands from running.

Protecting Apache2: Insights into a New Linux Malware Threat

Protecting Apache2: Insights into a New Linux Malware Threat

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Elastic researchers recently identified an advanced Linux malware campaign targeting Apache2 web servers, underscoring the need for sysadmins and cybersecurity specialists to be increasingly aware of the growing Linux malware threat. Constant vigilance in cybersecurity is necessary to guard systems from emerging attacks, especially as cyber threats continue to advance and become more challenging to detect.

TeamTNT Hackers Attacking VPS Servers Running CentOS

TeamTNT Hackers Attacking VPS Servers Running CentOS

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Security researchers have recently observed an alarming resurgence of TeamTNT, a notorious hacking group known for targeting cloud infrastructures. Their latest campaign zeroes in on Virtual Private Server (VPS) environments running CentOS, particularly version 7.

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved