New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

December 13, 2024 at 04:45AM Researchers have identified a sophisticated Linux rootkit named PUMAKIT, capable of privilege escalation and evasion from detection. It uses multi-stage architecture, advanced stealth techniques, and hooks into system calls to conceal its presence while communicating with command-and-control servers. This highlights increasing malware complexity on Linux systems. **Meeting Takeaways from December …

‘Bootkitty’ First Bootloader to Take Aim at Linux

December 2, 2024 at 05:34PM Researchers have discovered “Bootkitty,” a proof-of-concept UEFI bootkit for Linux, developed by Korean students for cybersecurity training. Although still unfinished, it exploits vulnerabilities allowing it to bypass Secure Boot. This notable malware indicates a shift in bootkit attacks targeting Linux systems, previously dominated by Windows-focused malware. ### Meeting Takeaways: 1. …

BootKitty UEFI malware exploits LogoFAIL to infect Linux systems

December 2, 2024 at 01:08PM The ‘Bootkitty’ UEFI bootkit, the first malware targeting Linux systems, exploits CVE-2023-40238 (known as ‘LogoFAIL’) to infect computers with vulnerable UEFI firmware. This discovery highlights a significant security threat for Linux users. **Meeting Notes Takeaways:** 1. **Introduction of ‘Bootkitty’:** A new UEFI bootkit known as ‘Bootkitty’ has been identified, targeting …

Discover the future of Linux security

December 2, 2024 at 09:52AM Red Hat invites IT professionals to the State of Linux Security Symposium 2024 on December 10th, 10am PT/1pm ET. The event covers security principles, supply chain protection, and the benefits of Red Hat Enterprise Linux, featuring real-world insights and collaboration strategies for enhancing Linux infrastructure security. Sign up to participate. …

Researchers discover first UEFI bootkit malware for Linux

November 27, 2024 at 12:43PM A new UEFI bootkit designed to target Linux systems has been identified, indicating a significant change in the landscape of stealthy and difficult-to-remove bootkit threats, which have primarily been aimed at Windows platforms until now. **Meeting Takeaways:** – A new UEFI bootkit has been identified that specifically targets Linux systems. …

ESET Flags Prototype UEFI Bootkit Targeting Linux

November 27, 2024 at 12:07PM ESET has identified a prototype UEFI bootkit, named Bootkitty, targeting specific Ubuntu Linux configurations, marking a shift from Windows-exclusive attacks. While still in development, Bootkitty aims to disable kernel signature verification, allowing unsigned modules to load. A related module, BCDropper, exhibits rootkit-like behavior. **Meeting Takeaways:** 1. **Discovery of UEFI Bootkit:** …

First-ever UEFI bootkit for Linux in the works, experts say

November 27, 2024 at 10:36AM Security researchers have discovered “Bootkitty,” the first UEFI bootkit targeting Linux, specifically some Ubuntu releases. Although currently a proof of concept, its existence indicates a shift in UEFI threat dynamics, dispelling the notion that such threats are exclusive to Windows, and highlights the need for future preparedness. ### Meeting Takeaways …

Researchers Discover “Bootkitty” – First UEFI Bootkit Targeting Linux Kernels

November 27, 2024 at 08:03AM Researchers have identified Bootkitty, the first UEFI bootkit designed for Linux systems, produced by BlackCat. As a proof-of-concept, it aims to disable kernel signature verification and preload unknown binaries. While not yet used in attacks, it signifies a shift in UEFI threats beyond Windows, highlighting future cybersecurity risks. ### Meeting …

Chinese APT Gelsemium Deploys ‘Wolfsbane’ Linux Variant

November 21, 2024 at 03:32PM Recent modifications to Chinese backdoors, particularly Gelsemium’s new tools Wolfsbane and Firewood, target Linux systems, marking a significant shift in malware development. As organizations increasingly adopt Linux, experts highlight a surge in Linux-based cyber threats, with 54% of endpoint attacks affecting Linux in 2023. ### Meeting Takeaways 1. **Emergence of …

Ubuntu Linux impacted by decade-old ‘needrestart’ flaw that gives root

November 20, 2024 at 02:11PM Five local privilege escalation vulnerabilities in Ubuntu’s needrestart utility were discovered by Qualys, tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. All were fixed in version 3.8. Attackers with local access could exploit these flaws to gain root privileges. ### Meeting Takeaways: 1. **Vulnerability Overview**: Five local privilege escalation (LPE) …