September 26, 2024 at 06:09PM Attackers can exploit multiple vulnerabilities in the CUPS open-source printing system (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177) discovered by Simone Margaritelli to execute remote code. The cups-browsed daemon, when enabled, can be exploited to automatically install a malicious printer, but mitigations such as disabling the service are available. Red Hat has rated … Read more
September 20, 2024 at 04:21PM North Korean threat group, Gleaming Pisces, is suspected of covertly embedding remote access malware into open source Python packages for macOS and Linux, targeting developers. The malware, named PondRAT, executes malicious code to download a trojan. The group’s focus on non-Windows systems reflects its audience: developers. Vigilance against phishing attacks … Read more
September 13, 2024 at 02:30AM Cybersecurity researchers have discovered a new malware campaign targeting Linux environments to illicitly mine cryptocurrency, focusing on the Oracle Weblogic server. The malware, named Hadooken, deploys a crypto miner and a DDoS botnet, exploiting vulnerabilities and misconfigurations to spread across connected environments. The campaign is linked to hosting companies in … Read more
September 6, 2024 at 01:39AM A high-severity vulnerability (CVE-2024-45195) in Apache OFBiz ERP system allows unauthenticated remote code execution. The flaw, impacting all versions before 18.12.16, lets attackers execute arbitrary code and has been used to deploy the Mirai botnet malware. The latest patch also tackles a critical SSRF vulnerability (CVE-2024-45507). Key takeaways from the … Read more
August 1, 2024 at 08:06AM A security audit sponsored by the Open Tech Fund in August 2023 found 25 security defects in Homebrew, a popular package manager for macOS and Linux. The vulnerabilities allowed for code execution, privilege escalation, and secrets exfiltration. Trail of Bits notes the lack of explicit security documentation and the informal … Read more
May 14, 2024 at 12:37PM Summary: Ebury, a malware botnet, has infected nearly 400,000 Linux servers since 2009, with around 100,000 still compromised in late 2023. ESET researchers have tracked the financially motivated operation for over a decade, observing updates in its capabilities. Recent tactics involve breaching hosting providers, stealing credentials, exploiting vulnerabilities, and employing … Read more
April 10, 2024 at 06:33AM Researchers have disclosed the first native Spectre v2 exploit against the Linux kernel on Intel systems, called Native Branch History Injection (BHI), allowing to leak sensitive data from memory. The exploit can bypass existing mitigations and impacts all vulnerable Intel systems. Other recent related vulnerabilities include GhostRace and Ahoi Attacks, … Read more
April 3, 2024 at 07:12AM An XZ Utils backdoor, reminiscent of a 2020 F-Droid attempt, highlighted the trend of targeting open source software. Jia Tan, posing as a legitimate developer, embedded a backdoor for remote code execution via Linux systems. Collin’s investigation promises more details, as experts predict further supply chain attacks in open source … Read more
March 29, 2024 at 07:09AM A vulnerability in the “wall” command of the util-linux package, tracked as CVE-2024-28085, allows unprivileged users to manipulate other users’ terminals on certain Linux distributions. This could lead to password leaks or clipboard alteration. Users are advised to update to util-linux version 2.40 to address this issue. Another vulnerability, CVE-2024-1086, … Read more
March 21, 2024 at 08:31AM The text is about Syslog messages, their importance in system monitoring, and the best free Syslog servers. It emphasizes the collection and processing of Syslog messages, reviews the method of collecting log messages and log message mining, and provides a detailed list of the best free Syslog servers, along with … Read more