New Windows Driver Signature bypass allows kernel rootkit installs

October 26, 2024 at 08:34AM Attackers can exploit Windows Update to downgrade kernel components, bypassing security features and allowing rootkit deployment on patched systems. Researcher Alon Leviev demonstrated this vulnerability and developed a tool called Windows Downdate, highlighting the dangers of downgrade attacks that undermine the meaning of a “fully patched” system. …

‘P2PInfect’ Worm Grows Teeth With Miner, Ransomware & Rootkit

June 25, 2024 at 06:03AM The innocuous Linux botnet, “P2PInfect,” has transformed into a potent threat, incorporating a rootkit, cryptominer, and ransomware. Its propagation method exploits the Redis database application, primarily impacting East Asia. Organizations worldwide utilizing Redis are advised to enhance server protection measures against this evolving malware. Detecting its artifacts such as high …

PurpleFox malware infects thousands of computers in Ukraine

February 1, 2024 at 02:11PM CERT-UA warns about the PurpleFox malware infecting over 2,000 computers in Ukraine. The malware, first seen in 2018, has evolved to switch to using WebSocket for stealthy command and control communications. CERT-UA provides detailed information on how to locate and remove the malware and recommends measures to prevent further spreading. …

Krasue RAT malware hides on Linux servers using embedded rootkits

December 7, 2023 at 09:31AM Security experts found a previously undetected malware named Krasue, targeting Linux systems in Thai telecoms since 2021. Krasue includes seven rootkit variants, based on open-source code, to remain undetected and ensure persistent access, possibly through botnets. Its origin is unknown, but it shares similarities with XorDdos malware. Group-IB provided detection …