‘RegreSSHion’ Bug Threatens Takeover of Millions of Linux Systems

July 1, 2024 at 03:48PM A remote code execution vulnerability in OpenSSH, named “RegreSSHion,” allows attackers to take over Linux systems. The bug, with a CVSS score of 8.1, enables root access and poses significant security risks. Despite its challenging exploitability, the need for rigorous security measures and prompt patching is emphasized, with updates available …

New regreSSHion OpenSSH RCE bug gives root on Linux servers

July 1, 2024 at 09:39AM A new OpenSSH vulnerability, known as “regreSSHion,” allows unauthenticated remote attackers to gain root privileges on glibc-based Linux systems. If exploited, it could lead to severe consequences such as system takeover and data manipulation. The vulnerability affects OpenSSH servers on Linux from version 8.5p1 up to version 9.8p1 and can …

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

July 1, 2024 at 08:06AM OpenSSH has issued security updates for a critical flaw enabling unauthenticated remote code execution with root privileges in glibc-based Linux systems. Dubbed CVE-2024-6387, the race condition bug affects versions 8.5p1 to 9.7p1, potentially leading to full system compromise. Users are urged to apply the latest patches and enforce network-based controls …

Kaspersky releases free tool that scans Linux for known threats

June 1, 2024 at 05:34PM Kaspersky released a new virus removal tool called KVRT for Linux, offering free scanning and removal of malware and known threats. Despite misconceptions about Linux security, recent backdoor examples prove otherwise. KVRT is not real-time protection but scans and cleans malware, adware, and more, supporting various Linux distributions. The tool …

Pakistani ‘Transparent Tribe’ APT Aims for Cross-Platform Impact

May 28, 2024 at 11:33PM A cyber-espionage group, Transparent Tribe, known for targeting government and defense sectors in India, has expanded its tactics to include targeting Linux systems using legitimate software techniques, including Google Drive and Telegram. Despite a history of targeting India, the group has also attacked the US, Europe, and Australia. They utilize …

400K Linux Servers Recruited by Resurrected Ebury Botnet

May 17, 2024 at 12:09PM The Ebury botnet, operating for 15 years, has compromised numerous servers, targeting universities, enterprises, and cryptocurrency traders. It employs tactics to steal credentials, intercept SSH traffic, and pivot towards credit card and cryptocurrency theft. Despite the imprisonment of a key perpetrator, Ebury’s operators remain active and pose ongoing challenges for …

Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks

May 17, 2024 at 05:33AM The Kimsuky APT group, associated with North Korea’s Reconnaissance General Bureau, has been observed deploying the Gomir backdoor on Linux to target South Korean organizations. The malware shares extensive code with GoBear and is distributed through trojanized security programs. The campaign highlights the preference for software installation packages as infiltration …

Spies Among Us: Insider Threats in Open Source Environments

May 7, 2024 at 10:51AM A critical vulnerability in XZ Utils raised comparisons to the SolarWinds hack and highlighted the power of the open source community in averting a disaster. However, it also raised questions about security and trust within the ecosystem. The incident suggests the need for stricter security measures and consideration of internal …

New Spectre v2 attack impacts Linux systems on Intel CPUs

April 10, 2024 at 01:24PM Researchers have developed the first native Spectre v2 exploit, affecting Linux systems on modern Intel processors. The discovery highlights the ongoing challenge of balancing performance optimization with security. Spectre V2 leverages speculative execution, leaving traces of sensitive data in CPU caches, and introduces security risks. Various entities are responding with …

What can be done to protect open source devs from next xz backdoor drama?

April 6, 2024 at 12:18PM A recently discovered sophisticated backdoor in the xz software library raised concerns about the security of open-source code. The backdoor could allow remote control over infected systems, highlighting the risks of widely used code. Experts debate whether large corporations should contribute to securing such code. Join the Kettle series for …